Re: [ca-tf] Draft pre-read document for the CA-TF workshop of 13 February
To: Henk Uijterwaal <>
From: Leo Vegoda <>
Date: Thu, 15 Feb 2007 10:07:38 +0100
On Feb 15, 2007, at 8:09 AM, Henk Uijterwaal wrote:
[...]
Data quality can only improve by requiring regular updates or checks.
I think this is the key point: right now, there is nothing that shows
people on a more or less regular basis what their data is. In a
certification scheme, people will have to renew certificates and thus
see their data at least once a year. And most people, when shown a
list of data, will point out errors they see.
This will, of course, not make the data perfect, but it will improve
its quality.
The data presumably has to come from the resource holders.
I'd think (at least some of it) comes from the RIRs. How else can you
avoid that people certify resources for which they are not
responsible?
The RIR can be authoritative about which resources are registered to
an organisation. Attempts to change that can be flagged for further
review. RIRs cannot know whether a change in the other contact
information is correct, though. The registrant must know best for
anything other than registrant name.
And this is where the problem lies. If the RIPE NCC provides a CA
outsourcing service then it significantly reduces the need for
network people to be involved in the certificate renewal. But by
reducing this need it risks a deterioration in contact information
when registrants' internal communications are less than exemplary.
Introducing certification of resources might lead to a better idea of
the legal identity of resource holders but less useful contact
information for them.
Regards,
Leo