[g4] Re: [ca-tf] Draft pre-read document for the CA-TF workshop of 13 February
Leo Vegoda leo.vegoda at icann.org
Wed Feb 14 18:28:11 CET 2007
On Feb 14, 2007, at 3:49 PM, Henk Uijterwaal wrote: [...] >> It is often implied that certification will improve the overall >> quality >> of registration data and provide a better handle on who is the >> user of a >> certain block of address space. I argue that it is more likely >> that this >> will not be the case: >> 1) New certificates for existing address space will be based on the >> current registration data. So by definition they cannot be more >> accurate. > > If we hand out certificates for all our data based on current > registration > data, then yes, you are right. If, OTOH, we only make certificates > available > to people who ask for it, then the data quality will improve, as > one can ask > the LIR to check the data before the certificate is handed out. This can be true if the process for obtaining a certificate is more onerous than ticking a box on a web page, which was a possibility briefly mentioned yesterday. Data quality can only improve by requiring regular updates or checks. If the emphasis is on quality then the process will be relatively expensive when scaled up to a situation with tens of thousands of certificates. There is probably a trade-off between near universal certification and useful contact information for most resources. >> 2) When certificates and registration databases co-exist both systems >> will diverge and show different information. Is this an improvement? > > No, it is not, but then I would not design the system such that > there are > two master DB's that are independently maintained. There should be > one > that is the master and is maintained. All other systems should pull > their information from there. The data presumably has to come from the resource holders. Getting then to confirm or update the data on a regular basis sounds like a challenging task. Making sure that the person providing the update knows the correct contact information and can supply it might also be difficult... [...] > * Certificates will have to be renewed. At this point, one can ask > people to > verify if data is still correct, and if not, correct it before > the new cert > is generated. (And this is something that can be automated to a > large > extend). ... as the person renewing the certificate in many organisations is likely be a payments clerk and not involved in network operations. Regards, -- Leo Vegoda IANA Numbers Liaison
[ Ca-tf Archive ]
