This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call
- Previous message (by thread): [address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call
- Next message (by thread): [address-policy-wg] help
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sander Steffann
sander at steffann.nl
Tue May 10 18:05:08 CEST 2011
Hi Andy, > I am strongly in favour of resource certification, but appeared (until RIPE62) to be labouring under the misapprehension that this web (rather than hierarchy) system was the thing that we are building. Thank you for raising the point, Malcolm. > > The Utopia, for me, is that a certificate would be valid if the NCC, *or* ARIN, *or* APNIC, *or* ..., *or* MOON-NIC, *or* Certs Inc, *or* Randy, or even my private CA had signed it, because no single regulator in any jurisdiction would be able to revoke my certificate and prevent routing. I get the benefits of automation, and the benefits of certification, without having to carry the risk of an 'internet off' switch. Is it too late for this ? Please say not. I think this presentation of Stephen Kent shows some possibilities: http://meetings.apnic.net/__data/assets/pdf_file/0019/18910/Routing-Security_03_Local-Trust-Anchor-Management-for-the-RPKI-_Stephen-Kent.pdf - Sander
- Previous message (by thread): [address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call
- Next message (by thread): [address-policy-wg] help
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]