[address-policy-wg] 2006-05 New Policy Proposal (PI Assignment Size)
- Previous message (by thread): [address-policy-wg] 2006-05 New Policy Proposal (PI Assignment Size)
- Next message (by thread): [address-policy-wg] 2006-05 New Policy Proposal (PI Assignment Size)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Max Tulyev
president at ukraine.su
Mon Sep 25 22:57:13 CEST 2006
Randy Bush wrote: >>> if we are lucky, this time next year, you will be able to verify an X.509 >>> certificate chain with rfc 3779 resource extensions, and have significant >>> confidence in rights to address and asn resources. >> As I can understand, I can verify origin of prefix, prefix itself, but >> it can't authorize is that certain as-path legitimate or not. Like I can >> figure it out from routing registry DB. Isn't it? > > the current work will provide a formally verifiable demonstration of > ownership of address space. > > to achieve your goal _formally_ will require something like sbgp. > > the irr is an informal way to kinda achieve what you want. and we > use it today. > > one first useful step for an isp is to use the x.509 data to verify > ownership assertions in the irr when building filter lists, for > example. I just think (if I correct understood that, sorry but this RFC is not easy reading) small enhancement of this will give us the large improvement: we can do filtering of unauthorized announcements (announcements of right prefix originated with right AS but from wrong place)! -- WBR, Max Tulyev (MT6561-RIPE, 2:463/253 at FIDO)
- Previous message (by thread): [address-policy-wg] 2006-05 New Policy Proposal (PI Assignment Size)
- Next message (by thread): [address-policy-wg] 2006-05 New Policy Proposal (PI Assignment Size)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]