About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads

Re: [ca-tf] RIPE Certification Task Force meeting minutes

  • To: Ronald van der Pol <Ronald.vanderPol@localhost, ca-tf@localhost
  • From: Henk Uijterwaal henk@localhost
  • Date: Wed, 07 Nov 2007 17:24:42 +0100
Hi Ronald,

(Distribution list reduced.)


By the end of the year we need to deliver a document to SURFnet.


I'd be very interested to see this document, as from the outline it
seems that it addresses questions more people have.


I expect that it will contain the following items:
- what is this all about


I gave a talk at UKNOF in September, www.uknof.co.uk, this has some
slides on why you want to do this.   I'm currently updating the
slides for a similar talk @ MENOG in 2 weeks time.  Slides of
that will be on the RIPE website.


- what is the current implementation status


Prototypes and plans.


- how can the SURFnet NOC use the verification possibilities


Most likely this will be put into your routers.  A prefix is
announced to you with a cert, the router verifies the cert,
if the cert is valid, it can be put in the RIB or FIB.


- what does resource certificates mean for SURFnet as a LIR


In short: it should be able to store certificates, verify them and
generate certificates for sub-allocations that it gives to its
customers.  To do this, they'll have to set up their own CA.  This
can be outsourced, we are already expecting that the RIPE'll have to set
up a mechanism where we can run a CA for most LIRs.



It would be nice if we could play with some prototype to see how
all of this will work in real life.

We noticed
http://ca-trial.ripe.net/~caservice/server.cgi
is currently down. 

Yes, and I don't think it will tell you much: you can generate a
cert and verify it, but you cannot use it for any application yet
(as the apps haven't been developed).



At an IETF SIDR meeting I wrote down this URL:
http://mirin.apnic.net/resourcecerts/
But I don't understand if the wiki is kept up to date or not.


It is.

Feel free to call me some time if you want more details.

Henk




--
------------------------------------------------------------------------------
Henk Uijterwaal                           Email: henk.uijterwaal(at)ripe.net
RIPE Network Coordination Centre          http://www.amsterdamned.org/~henk
P.O.Box 10096          Singel 258         Phone: +31.20.5354414
1001 EB Amsterdam      1016 AB Amsterdam  Fax: +31.20.5354445
The Netherlands        The Netherlands    Mobile: +31.6.55861746
------------------------------------------------------------------------------

Is one of the choices leaving the office open?
                                      Alan Greenspan on the next elections
Post To The List:

Message References

<<< Chronological >>> Author    Subject <<< Threads
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | Copyright Statement
RIPE.NET Homepage LIR Portal RIPE Community