Re: [db-wg] Re: [ncc-services-wg] X.509 authentication in the RIPE Database

[Kurt Erik Lindqvist <]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>> It is also important to note that, the general trend among
>> the other
>>> Regional Internet Registries (RIRs) is the use of X.509 as a main
>>> authentication method.
>>
>> when you say that the trend among the other RIRs is to go for X.509
>> certificates, could you please elaborate on what they are
>> doing and how
>> far they are?
>>
>> Best regards,
>>
>> - - kurtis -
>>
>
> Hi all,
>
> In APNIC we use X.509 certificate to secure MyAPNIC (similar to LIR
> Portal). Having X.509 auth in the whois db would make a better
> integration with this facility.

Is this then being widely used? No issues with client support and 
configurations?

> We have also been closely monitoring IETF's PKIX working group
> where there's an effort to certify ASN and internet addresses to
> protect routing announcements. This might eventually affect how
> the public will use the internet routing registry, which is also
> part or our whois database.
>
> We expect X.509 will be used to make certified statements about
> resource allocation as part of S-BGP or SO-BGP and/or wider
> requirements for authoritative statements on resources
>
I am not following the PKIX WG. Do you have any links to information on 
this, or how this is planned to be implemented?

Best regards,

- - kurtis -

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBPxEc86arNKXTPFCVEQJ6RgCfT1H27hyWfZ2c3QYjuHY0QE5E48kAoJ1j
AFFT7gAO1mxCPUQwj8fJnzSZ
=4tDj
-----END PGP SIGNATURE-----