This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] Re: [ncc-services-wg] X.509 authentication in the RIPE Database
- Previous message (by thread): [db-wg] Re: [ncc-services-wg] X.509 authentication in the RIPE Database
- Next message (by thread): [db-wg] Re: [ncc-services-wg] X.509 authentication in the RIPE Database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Patrik Fältström
paf at cisco.com
Wed Jul 16 17:02:05 CEST 2003
On onsdag, jul 16, 2003, at 16:51 Europe/Stockholm, Randy Bush wrote: >> Or are you suggesting that RIPE should select one of the >> commercial root CAs and get all the client certificates from that >> shop? > > no, the RIRs can sign their customers certs. > > maybe a tutorial is needed on how this stuff works. paf, is there > one readily available? Well, the problem is to know whether the tutorial talk about how the map is drawn or how things work in reality. The overall question is how to build the chain of trust in X.509. We can do (a) CA -> RIR -> RIR member (b) CA -> RIR and CA -> RIR member As I don't work in the X.509 environment (I have been running my head against the wall too many times when discovering the applications do not do everything magic the spec is supposed to support) I am the wrong person to ask. BUT, I can find someone which can help. >> From a trust point of view it is in fact *better* to consciously >> import the RIPE root-ca certificate in your browser then to >> simply trust what's in your root certificate store. > > when the RIRs' procedures to protect their root CA keys are audited ...and the question is whether this audit and operations is cheaper than to "just buy the thing" from a different CA... paf
- Previous message (by thread): [db-wg] Re: [ncc-services-wg] X.509 authentication in the RIPE Database
- Next message (by thread): [db-wg] Re: [ncc-services-wg] X.509 authentication in the RIPE Database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]