[address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call
- Previous message (by thread): [address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call
- Next message (by thread): [address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sascha Luck
lists-ripe at c4inet.net
Thu May 5 01:08:00 CEST 2011
On Wed, May 04, 2011 at 09:58:18PM +0000, John Curran wrote: >... but apparently *would* be able to specify that no one may use >RPKI even if that is someone else's particular preferred technology >for securing their own stones? A statement that an RIR shall not >support RPKI for the resources in its database is equivalent to >deciding "no" on behalf those who want to make use of the optional >service, correct? 1) If RPKI *is* universally used, there is no choice for those who do not wish the RIRs to be the final arbiters of their ability to speak on the internet. 2) If RPKI *is not* universally used, it doesn't increase security and is therefore a lot of administration effort to absolutely no purpose. 3) Self-signed certificates are most likely a strawman insofar as if an upstream/IXP demands the use of a RIR-signed certificate "for sound security reasons", your self-signed cert isn't worth the paper it's most likely not printed on. 4) What do the holders of legacy space who may not care to enter into a "contractual relationship" with a RIR do? rgds, Sascha
- Previous message (by thread): [address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call
- Next message (by thread): [address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]