RIPE Community Mail Archives

Re: [address-policy-wg] 2006-05 New Policy Proposal (PI Assignment Size)

  • From: Max Tulyev president@localhost
  • Date: Mon, 25 Sep 2006 20:57:13 +0000

Randy Bush wrote:
>>> if we are lucky, this time next year, you will be able to verify an X.509
>>> certificate chain with rfc 3779 resource extensions, and have significant
>>> confidence in rights to address and asn resources.
>> As I understand it, I can verify the origin of a prefix and the prefix itself, but
>> it can't authorize whether a certain as-path is legitimate or not, like I can
>> figure out from the routing registry DB. Isn't that so?
> 
> the current work will provide a formally verifiable demonstration of
> ownership of address space.
> 
> to achieve your goal _formally_ will require something like sbgp.
> 
> the irr is an informal way to kinda achieve what you want.  and we
> use it today.
> 
> one first useful step for an isp is to use the x.509 data to verify
> ownership assertions in the irr when building filter lists, for
> example.

I just think (if I understood that correctly; sorry, but this RFC is not
easy reading) that a small enhancement of this will give us a large
improvement: we can do filtering of unauthorized announcements
(announcements of the right prefix originated by the right AS but from the
wrong place)!


-- 
WBR,
Max Tulyev (MT6561-RIPE, 2:463/253@localhost)
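
The step quoted above (using the X.509 data to verify ownership assertions in the IRR when building filter lists), sketched as an added example that is not part of the original thread. It assumes the certificate chains have already been validated and their RFC 3779 address blocks extracted; the holder ids, prefixes, AS numbers and the mapping from an IRR object to a holder are constructed for illustration.

```python
import ipaddress

# Constructed data: address blocks taken from the RFC 3779 extension of each
# holder's certificate, assumed already chain-validated. Holder ids are hypothetical.
CERTIFIED = {
    "HOLDER-A": ["192.0.2.0/24", "2001:db8::/32"],
    "HOLDER-B": ["198.51.100.0/24"],
}

# Constructed IRR route objects; "holder" is the party asserting ownership.
IRR_ROUTES = [
    {"route": "192.0.2.0/25", "origin": 64500, "holder": "HOLDER-A"},
    {"route": "2001:db8:1::/48", "origin": 64500, "holder": "HOLDER-A"},
    {"route": "198.51.100.0/24", "origin": 64500, "holder": "HOLDER-A"},  # B's block
    {"route": "203.0.113.0/24", "origin": 64501, "holder": "HOLDER-B"},   # not certified
    {"route": "192.0.2.1/24", "origin": 64500, "holder": "HOLDER-A"},     # malformed
    {"route": "192.0.2.0/24", "origin": 64502, "holder": "HOLDER-C"},     # no certificate
]


def covered(prefix, blocks):
    """True if prefix lies inside one certified block of the same IP version."""
    net = ipaddress.ip_network(prefix, strict=True)  # ValueError if host bits are set
    return any(net.version == b.version and net.subnet_of(b) for b in blocks)


def build_filter(irr_routes, certified):
    """Split IRR route objects into those backed by certified resources and the rest."""
    accepted, rejected = [], []
    for obj in irr_routes:
        blocks = [ipaddress.ip_network(p) for p in certified.get(obj["holder"], [])]
        try:
            ok = covered(obj["route"], blocks)
        except ValueError:
            ok = False  # an unparsable route object never reaches the filter list
        (accepted if ok else rejected).append((obj["route"], obj["origin"]))
    return accepted, rejected


if __name__ == "__main__":
    accepted, rejected = build_filter(IRR_ROUTES, CERTIFIED)
    for route, origin in accepted:
        print(f"permit {route} origin AS{origin}")
    for route, origin in rejected:
        print(f"reject {route} origin AS{origin}")
```

This check covers only the ownership assertion for the prefix; it says nothing about whether an AS path is legitimate, which is the part the thread says needs something like sbgp.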
