This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ncc-services-wg@ripe.net/
[ncc-services-wg] Implementation of Resource Certification (RPKI) for PI End User Resources
- Previous message (by thread): [ncc-services-wg] Implementation of Resource Certification (RPKI) for PI End User Resources
- Next message (by thread): [ncc-services-wg] Implementation of Resource Certification (RPKI) for PI End User Resources
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Gert Doering
gert at space.net
Wed Oct 23 11:20:00 CEST 2013
Hi, On Wed, Oct 23, 2013 at 05:00:08PM +0800, Nick Hilliard wrote: > there's no way of necessarily knowing that the contact info in the ripe > database is correct, even if the resources are correctly registered to the > legal person described in the organisation object. This means that the > RIPE NCC has no real way of knowing if J. Random end user is the correct > contact for the PI resource, which means that it needs to devolve the > initial stage of this authorisation to the sponsoring LIR. This probably > sucks. OTOH, for RPKI, do we really need to know *who* the user is? If - as Alex proposes - the system checks "is there an approved contactual relationship for the resource in question, *and* does the user have the necessary credentials to satisfy the mnt-routes: criteria for the object?", the ability to create ROAs would correspond to the ability to create route: objects - and since RPKI isn't certifying identity, but "this person is authorized to authorize routing for the resource", this sounds workable for me. The bit "show me your credentials" is going to be interesting for PGP, but can be done ("show nonce, ask for signature on it, copy back to text field")... Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 826 bytes Desc: not available URL: </ripe/mail/archives/ncc-services-wg/attachments/20131023/b0fb0aa6/attachment.sig>
- Previous message (by thread): [ncc-services-wg] Implementation of Resource Certification (RPKI) for PI End User Resources
- Next message (by thread): [ncc-services-wg] Implementation of Resource Certification (RPKI) for PI End User Resources
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]