[db-wg] Re: [ncc-services-wg] X.509 authentication in the RIPE Database
Joao Damas
joao at isc.org
Thu Jul 17 13:41:48 CEST 2003
On Wednesday, Jul 16, 2003, at 16:51 Europe/Amsterdam, Randy Bush wrote:

>> ok something but what's the big hole
>
> someone getting at the root CA key at an RIR

There would still be the very similar issue of someone getting at the certificate that the RIR bought from the third-party CA.

In reality, you do not need to have the RIRs sign any of the customer certificates; they simply need to verify that the certificate presented by the member does indeed belong to the member and incorporate it into the RIR system.

If the RIR was a root CA then it could issue certificates to its members for a fee agreed by the membership (potentially zero). In any case, I believe external certificates should be allowed to be used in the system so that people who do not trust the RIR CA can get their certificate somewhere else.

A user can also choose to control the scope of validity of an RIR-issued certificate by defining the scope in the browser, if it allows it, or by having a second installation of the browser used only for the purpose of communication with the RIR.

Joao