Re: [db-wg] Re: [ncc-services-wg] X.509 authentication in the RIPE Database

[Bill Manning <]

% Please note that at present our certificates are used for identifying
% member staff to access internal aplication (MyAPNIC), so the subject of 
% third-party trust issues may not yet apply.  By the time 3rd parties 
% become involved (eg allocation/route certification), we would certainly 
% have more standard CA/PKI structures in place.
% 
% This is a new area for most of us, and we are very open to advice and
% input from the community.
% 
% Cheers,
% Sanjaya
% APNIC CA Project Manager

	of interest to me is the presumption that all interaction
	between parties is assumed to be via http applications, e.g.
	the need to install a cert into your browser.
	
	last time I checked, many/most RIRs supported a variety of
	methods for interaction w/ their customers.  I'd like to
	see how the use of x509 certs would be applicable/palatable
	to other applications.  It would be useful to also have more
	clarification on how bootstraping is to be done. I tend to 
	chnage hardware/software every 6 months or so and have a tough
	time keeping up w/ all the existing pswds/keys that the various
	systems use/expect.  I will forget/lose any pswd/key at least 
	once.	


--bill
Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).