This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ncc-services-wg@ripe.net/
[ncc-services-wg] How to certify resources
- Previous message (by thread): [ncc-services-wg] How to certify resources
- Next message (by thread): [ncc-services-wg] RIPE NCC to Discontinue Hostcount
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Alex Band
alexb at ripe.net
Mon Jan 3 13:34:27 CET 2011
Hello Alexander, On 3 Jan 2011, at 13:07, Alexander.Koeppe at merck.de wrote: > > Hello List, > > I'm still a bit confused, what I've to do with this new certification > approach. > > My LIR portal user has the "certification" permission. > When I'm clicking on "certification" in the left pane, it says me > that I > don't have a CA yet. > Well of course not. Not in the Internet. > Do I need to create a CA over the portal frontend? > And if yes, do I have to provide a server running a CA service in the > Internet? The resource certification service is solely a hosted platform at the moment. It means that you create a Certificate Authority for your address space on our system. We take care of all of the crypto operations like signing, re-signing, etc. as well as publication of certificates and ROAs. The ability to run your own Certificate Authority on your own systems, which interacts with ours, will be introduced later in 2011. > Somehow I jumped around some sites and reached the following messages > inside the LIR portal: > > "Congratulations! You now have a digital certificate covering your > Provider > Aggregatable (PA) address space." > > Well now I'm totally confused. Does that mean, that my resources are > certified already? Yes, clicking 'I agree. Certify my resources.' on the Terms and Conditions page creates a resource certificate for all of your Provider Aggregatable address space. The only thing you have to do now is create Route Origin Authorisation specifications, indicating from which Autonomous System(s) you will be announcing your prefixes. Creation and publication will happen automatically. After this, anyone will be able to validate if your BGP announcements have a valid ROA attached to them, using one of the validation tools: http://www.ripe.net/certification/validation/ Kind regards, Alex Band
- Previous message (by thread): [ncc-services-wg] How to certify resources
- Next message (by thread): [ncc-services-wg] RIPE NCC to Discontinue Hostcount
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]