[address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call

Andy,

as I seen this process -

one have tried to design this tool with secure BGP in mind,
second one thought about Certificates as a tool to protect current 
address management system (aka RIRs),
third group - as you - think about it as a tool to protect your resource 
and make routing for himself more safe.

In general all three think about safe routing - but each one has his own 
special requirements and goals - what is really important for him 
personally.

And practically only today we began public discussion - is it the same 
for all of us?
Can we satisfy all needs by one design?

This policy is as a some kind of test for me - can we find a common 
compromise?

Dima



On 10.05.2011 16:57, Andy Davidson wrote:
> On 3 May 2011, at 12:31, Malcolm Hutty wrote:
>
>> [2] For example, could we creates "webs of trust" rather than a single
>> hierarchy? Would that be "good enough" or is a hierarchy essential?
> I am strongly in favour of resource certification, but appeared (until RIPE62) to be labouring under the misapprehension that this web (rather than hierarchy) system was the thing that we are building.  Thank you for raising the point, Malcolm.
>
> The Utopia, for me, is that a certificate would be valid if the NCC, *or* ARIN, *or* APNIC, *or* ..., *or* MOON-NIC, *or* Certs Inc, *or* Randy, or even my private CA had signed it, because no single regulator in any jurisdiction would be able to revoke my certificate and prevent routing.  I get the benefits of automation, and the benefits of certification, without having to carry the risk of an 'internet off' switch.  Is it too late for this ?  Please say not.
>
> Andy
>