About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [address-policy-wg] 2006-05 New Policy Proposal (PI Assignment Size)

  • To: Max Tulyev president@localhost
  • From: Randy Bush randy@localhost
  • Date: Mon, 25 Sep 2006 06:43:40 -1000
>> if we are lucky, this time next year, you will be able to verify an X.509
>> certificate chain with rfc 3779 resource extensions, and have significant
>> confidence in rights to address and asn resources.
> 
> As I can understand, I can verify origin of prefix, prefix itself, but
> it can't authorize is that certain as-path legitimate or not. Like I can
> figure it out from routing registry DB. Isn't it?

the current work will provide a formally verifiable demonstration of
ownership of address space.

to achieve your goal _formally_ will require something like sbgp.

the irr is an informal way to kinda achieve what you want.  and we
use it today.

one first useful step for an isp is to use the x.509 data to verify
ownership assertions in the irr when building filter lists, for
example.

randy
Post To The List:

Replies

Message References

<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | Copyright Statement
RIPE.NET Homepage LIR Portal RIPE Community