Re: BGP certificate insanity was: (DHS insanity

North American Network Operators Group

Re: BGP certificate insanity was: (DHS insanity - offtopic)

From: Joe Abley
Date: Tue Apr 24 05:36:59 2007

On 24-Apr-2007, at 10:15, <[email protected]> wrote:

You might try taking a look at the various presentations at
NANOG/RIPE/ARIN/
APNIC/APRICOT about the whole idea.  Central point: the
entity that gives
you a suballocation of its own address space signs something
that says you
now hold it.
If the whois directories actually operated under some set of guidelines defining their purpose and scope which was enforced by the directory publishers, then there would be no need for this certificate nonsense.

How can anybody be sure that the random peering tech they are talking to really works for the organisation listed in the whois record? By visual inspection of the e-mail address? A faxed LOA on company letterhead?

Given a polished toolset, I'd take a signed ROA over any of those.

Joe

Follow-Ups:
- RE: BGP certificate insanity was: (DHS insanity - offtopic) michael.dillon

References:
- RE: BGP certificate insanity was: (DHS insanity - offtopic) michael.dillon

Prev by Date: RE: IP Block 99/8 (DHS insanity - offtopic)
Next by Date: Re: IP Block 99/8 (DHS insanity - offtopic)
Date Index
Thread Index
Author Index
Historical