This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] Re: [ncc-services-wg] X.509 authentication in the RIPE Database
- Previous message (by thread): [db-wg] Re: [ncc-services-wg] X.509 authentication in the RIPE Database
- Next message (by thread): [db-wg] Re: [ncc-services-wg] X.509 authentication in the RIPE Database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Joao Damas
joao at isc.org
Thu Jul 17 13:41:48 CEST 2003
On Wednesday, Jul 16, 2003, at 16:51 Europe/Amsterdam, Randy Bush wrote: >> ok something but what's the big hole > > someone getting at the root CA key at an RIR > There would still be the very similar issue of someone getting at the certificate that the RIR bought from the third party CA. In reality, you do not need to have the RIRs sign any of the customer certificates, they simply need to verify that the certificate presented by the member does indeed belong to the member and incorporate it into the RIR system. If the RIR was a root CA then it could issue certificates to its members for a fee agreed by the membership (potentially zero). In any case, I believe external certificates should allowed to be used in the system so that people who do not trust the RIR CA can get their certificate somewhere else. A user can also choose to control the scope of validity of an RIR issued certificate by defining the scope in the browser if it allows it or having a second installation of the browser used only for the purpose of communication with the RIR,. Joao
- Previous message (by thread): [db-wg] Re: [ncc-services-wg] X.509 authentication in the RIPE Database
- Next message (by thread): [db-wg] Re: [ncc-services-wg] X.509 authentication in the RIPE Database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]