This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/address-policy-wg@ripe.net/
[address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call
- Previous message (by thread): [address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call
- Next message (by thread): [address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dmitry Burkov
dburk at burkov.aha.ru
Tue May 10 15:54:07 CEST 2011
Andy, as I seen this process - one have tried to design this tool with secure BGP in mind, second one thought about Certificates as a tool to protect current address management system (aka RIRs), third group - as you - think about it as a tool to protect your resource and make routing for himself more safe. In general all three think about safe routing - but each one has his own special requirements and goals - what is really important for him personally. And practically only today we began public discussion - is it the same for all of us? Can we satisfy all needs by one design? This policy is as a some kind of test for me - can we find a common compromise? Dima On 10.05.2011 16:57, Andy Davidson wrote: > On 3 May 2011, at 12:31, Malcolm Hutty wrote: > >> [2] For example, could we creates "webs of trust" rather than a single >> hierarchy? Would that be "good enough" or is a hierarchy essential? > I am strongly in favour of resource certification, but appeared (until RIPE62) to be labouring under the misapprehension that this web (rather than hierarchy) system was the thing that we are building. Thank you for raising the point, Malcolm. > > The Utopia, for me, is that a certificate would be valid if the NCC, *or* ARIN, *or* APNIC, *or* ..., *or* MOON-NIC, *or* Certs Inc, *or* Randy, or even my private CA had signed it, because no single regulator in any jurisdiction would be able to revoke my certificate and prevent routing. I get the benefits of automation, and the benefits of certification, without having to carry the risk of an 'internet off' switch. Is it too late for this ? Please say not. > > Andy >
- Previous message (by thread): [address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call
- Next message (by thread): [address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]