Re: [routing-wg]2008-04 New Policy Proposal (Using the Resource Public Key Infrastructure to Construct Validated IRR Data)
-
To: Randy Bush randy@localhost
-
From: Geoff Huston gih@localhost
-
Date: Wed, 30 Apr 2008 12:18:15 +1000
-
Cc: Rob Evans rhe@localhost, routing-wg@localhost, Kurt Erik Lindqvist kurtis@localhost
Randy Bush wrote:
It may also be useful to consider this in the light of alternative
approaches where the RPSL object is signed by the resource holder,
using a signing certificate that is validatable in the context of a
resource PKI.
who signs as-set:?
If the as-set has a hierarchical name (as described in RFC 2725 and possibly elsewhere) then the signer would be the AS holder of the AS named in the hierarchical name form, wouldn't it?
how does maintainer map to anything in rpki?
I would've thought, after looking through the RFCs that explored this topic back in 1999 - 2000, that the maintainer of a inetnum object would be the address holder, the maintainer of the aut-num object would be the as number holder, and the maintainer of the route object would be the address holder, which would map back into the RPKI
... as
i said, bad impedance mismatch.
I'm not sure I can agree with this assertion at this stage.
What classes of IRR objects could be generated using the approach of
generating IRR objects from RPKI data?
route:
I'm still wondering if that is a sufficient subset of the IRR information set.
regards,
Geoff
|
you are here: RIPE -> RIPE Maillists > Archives
