North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: SSL for IRR queries?

  • From: Jake Khuon
  • Date: Fri Jan 11 15:51:45 2002
  • Action:
  • Dcc:
  • Expires:

### On Fri, 11 Jan 2002 14:45:35 -0500 (EST), Tony Tauber
### <[email protected]> casually decided to expound upon [email protected]
### the following thoughts about "SSL for IRR queries?":

TT> If there's a desire to trust information garnered
TT> from the Internet Routing Registry (eg. RADB, RIPE),
TT> it would seem that one would like a way to verify
TT> the server responding to queries.

There is implimentation work being done for rps-auth (RFC2725) by RIPE,
Merit and others I believe.  This should ensure authenticated integrity of
the data.  If it's query-time man-in-the-middle type attacks one is worried
about then an implimentation of rps-dist (RFC2769) addresses that issue
which I believe is being done by RIPE, Merit and others as well.  I had
heard it was moved to a lower priority than implimenting rps-auth however. 
Perhaps someone from the RIPE db-wg could comment.

/*===================[ Jake Khuon <[email protected]> ]======================+
 | Packet Plumber, Network Engineers     /| / [~ [~ |) | | --------------- |
 | for Effective Bandwidth Utilisation  / |/  [_ [_ |) |_| N E T W O R K S |