From Ronald.vanderPol at rvdp.org Sun Nov 4 15:21:03 2007
From: Ronald.vanderPol at rvdp.org (Ronald van der Pol)
Date: Sun, 4 Nov 2007 15:21:03 +0100
Subject: [ca-tf] RIPE Certification Task Force meeting minutes
In-Reply-To: <471CBC9E.2070408@ripe.net>
References: <471CBC9E.2070408@ripe.net>
Message-ID: <20071104142102.GF6879@rvdp.org>

On Mon, Oct 22, 2007 at 17:07:10 +0200, Chris Buckridge wrote:

> Randy noted their interest in the RIPE community's perspective on what the
> customer wants.

...

> Related to this, Daniel pointed out that we are currently doing our
> homework on what the user wants, but it is turning out to be harder than
> expected.

I guess we are the customer :-) SARA is doing this work on behalf of
SURFnet, the Dutch research network and LIR. SARA is the NOC of
SURFnet.

By the end of the year we need to deliver a document to SURFnet.
I expect that it will contain the following items:
- what is this all about
- what is the current implementation status
- how can the SURFnet NOC use the verification possibilities
- what do resource certificates mean for SURFnet as a LIR

It would be nice if we could play with some prototype to see how
all of this will work in real life.

We noticed
http://ca-trial.ripe.net/~caservice/server.cgi
is currently down.

At an IETF SIDR meeting I wrote down this URL:
http://mirin.apnic.net/resourcecerts/
But I don't understand if the wiki is kept up to date or not.

Where can we find the information/presentation (left-right protocol
drawings) Randy was talking about?
rvdp

From Ronald.vanderPol at rvdp.org Sun Nov 4 21:18:10 2007
From: Ronald.vanderPol at rvdp.org (Ronald van der Pol)
Date: Sun, 4 Nov 2007 21:18:10 +0100
Subject: [ca-tf] RIPE Certification Task Force meeting minutes
In-Reply-To: <472E2006.8010908@apnic.net>
References: <471CBC9E.2070408@ripe.net> <20071104142102.GF6879@rvdp.org> <472E2006.8010908@apnic.net>
Message-ID: <20071104201810.GO6879@rvdp.org>

On Mon, Nov 05, 2007 at 06:39:50 +1100, Geoff Huston wrote:

> The documentation work is coming together at
> http://mirin.apnic.net/resourcecerts/

Thanks. We will take a look at it.

rvdp

From gih at apnic.net Sun Nov 4 20:39:50 2007
From: gih at apnic.net (Geoff Huston)
Date: Mon, 05 Nov 2007 06:39:50 +1100
Subject: [ca-tf] RIPE Certification Task Force meeting minutes
In-Reply-To: <20071104142102.GF6879@rvdp.org>
References: <471CBC9E.2070408@ripe.net> <20071104142102.GF6879@rvdp.org>
Message-ID: <472E2006.8010908@apnic.net>

The wiki was being used by the APNIC crew pretty intensively while we
were working on the design. We (APNIC) are trying to get our
documentation house in order at the moment as well as completing the
initial milestone of getting an APNIC CA running.

The documentation work is coming together at
http://mirin.apnic.net/resourcecerts/

the wiki is at
http://mirin.apnic.net/resourcecerts/wiki/index.php/Main_Page

regards,

Geoff

Ronald van der Pol wrote:
> On Mon, Oct 22, 2007 at 17:07:10 +0200, Chris Buckridge wrote:
>
>> Randy noted their interest in the RIPE community's perspective on what the
>> customer wants.
>
> ...
>
>> Related to this, Daniel pointed out that we are currently doing our
>> homework on what the user wants, but it is turning out to be harder than
>> expected.
>
> I guess we are the customer :-) SARA is doing this work on behalf of
> SURFnet, the Dutch research network and LIR. SARA is the NOC of
> SURFnet.
>
> By the end of the year we need to deliver a document to SURFnet.
> I expect that it will contain the following items:
> - what is this all about
> - what is the current implementation status
> - how can the SURFnet NOC use the verification possibilities
> - what do resource certificates mean for SURFnet as a LIR
>
> It would be nice if we could play with some prototype to see how
> all of this will work in real life.
>
> We noticed
> http://ca-trial.ripe.net/~caservice/server.cgi
> is currently down.
>
> At an IETF SIDR meeting I wrote down this URL:
> http://mirin.apnic.net/resourcecerts/
> But I don't understand if the wiki is kept up to date or not.
>
> Where can we find the information/presentation (left-right protocol
> drawings) Randy was talking about?
>
> rvdp

From henk at ripe.net Wed Nov 7 17:24:42 2007
From: henk at ripe.net (Henk Uijterwaal)
Date: Wed, 07 Nov 2007 17:24:42 +0100
Subject: [ca-tf] RIPE Certification Task Force meeting minutes
In-Reply-To: <20071104142102.GF6879@rvdp.org>
References: <471CBC9E.2070408@ripe.net> <20071104142102.GF6879@rvdp.org>
Message-ID: <4731E6CA.9010300@ripe.net>

Hi Ronald,

(Distribution list reduced.)

> By the end of the year we need to deliver a document to SURFnet.

I'd be very interested to see this document, as from the outline it
seems that it addresses questions more people have.

> I expect that it will contain the following items:
> - what is this all about

I gave a talk at UKNOF in September, www.uknof.co.uk, this has some
slides on why you want to do this. I'm currently updating the slides
for a similar talk @ MENOG in 2 weeks time. Slides of that will be on
the RIPE website.

> - what is the current implementation status

Prototypes and plans.

> - how can the SURFnet NOC use the verification possibilities

Most likely this will be put into your routers. A prefix is announced
to you with a cert, the router verifies the cert, if the cert is valid,
it can be put in the RIB or FIB.
> - what do resource certificates mean for SURFnet as a LIR

In short: it should be able to store certificates, verify them and
generate certificates for sub-allocations that it gives to its
customers. To do this, they'll have to set up their own CA. This can
be outsourced, we are already expecting that the RIPE'll have to set up
a mechanism where we can run a CA for most LIRs.

> It would be nice if we could play with some prototype to see how
> all of this will work in real life.
>
> We noticed
> http://ca-trial.ripe.net/~caservice/server.cgi
> is currently down.

Yes, and I don't think it will tell you much: you can generate a cert
and verify it, but you cannot use it for any application yet (as the
apps haven't been developed).

>
> At an IETF SIDR meeting I wrote down this URL:
> http://mirin.apnic.net/resourcecerts/
> But I don't understand if the wiki is kept up to date or not.

It is.

Feel free to call me some time if you want more details.

Henk

-- 
------------------------------------------------------------------------------
Henk Uijterwaal                           Email: henk.uijterwaal(at)ripe.net
RIPE Network Coordination Centre          http://www.amsterdamned.org/~henk
P.O.Box 10096          Singel 258         Phone: +31.20.5354414
1001 EB Amsterdam      1016 AB Amsterdam  Fax: +31.20.5354445
The Netherlands        The Netherlands    Mobile: +31.6.55861746
------------------------------------------------------------------------------

Is one of the choices leaving the office open?
                                   Alan Greenspan on the next elections
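
The verification Henk outlines above (an LIR CA issues certificates for sub-allocations, and a prefix is accepted only if its certificate is valid), modelled as an added example that is not part of the original thread and is not RIPE NCC or APNIC code. It implements only the resource-containment rule of RFC 3779, where each certificate's address space must lie inside its issuer's; signature, expiry and revocation checks are assumed to happen elsewhere, and every name and prefix is constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ResourceCert:
    subject: str
    issuer: Optional["ResourceCert"]  # None marks a self-signed trust anchor
    prefixes: tuple                   # address space the subject may use

def issue(subject, issuer, *prefixes):
    """Build a certificate (hypothetical helper; no real signing is done)."""
    nets = tuple(ipaddress.ip_network(p) for p in prefixes)
    return ResourceCert(subject, issuer, nets)

def covers(cert, net):
    """True if net lies inside one of the prefixes listed in cert."""
    return any(net.version == p.version and net.subnet_of(p)
               for p in cert.prefixes)

def chain_valid(cert, trust_anchor):
    """Walk up to the root: no certificate may claim more than its issuer."""
    while cert.issuer is not None:
        if not all(covers(cert.issuer, p) for p in cert.prefixes):
            return False              # over-claim somewhere in the chain
        cert = cert.issuer
    return cert is trust_anchor       # must end at the anchor we trust

def accept_announcement(prefix, cert, trust_anchor):
    """Decision a router or NOC tool would make before installing a route."""
    net = ipaddress.ip_network(prefix)
    return covers(cert, net) and chain_valid(cert, trust_anchor)

# Constructed hierarchy: registry -> LIR -> customers of the LIR.
RIR = issue("RIR (trust anchor)", None, "10.0.0.0/8", "2001:db8::/32")
LIR = issue("LIR", RIR, "10.1.0.0/16", "2001:db8:100::/40")
CUSTOMER = issue("customer", LIR, "10.1.2.0/24")
# A certificate claiming space the LIR itself was never allocated.
OVERCLAIM = issue("over-claiming customer", LIR, "10.2.0.0/16")
# A chain that is internally consistent but hangs off a root we do not trust.
OTHER_ROOT = issue("unrelated root", None, "10.0.0.0/8")
STRAY = issue("stray", OTHER_ROOT, "10.1.2.0/24")

if __name__ == "__main__":
    for prefix, cert in [("10.1.2.0/24", CUSTOMER), ("10.1.3.0/24", CUSTOMER),
                         ("10.2.0.0/16", OVERCLAIM), ("10.1.2.0/24", STRAY)]:
        verdict = "accept" if accept_announcement(prefix, cert, RIR) else "reject"
        print(f"{prefix:14} via {cert.subject:24} {verdict}")
```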