This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/routing-wg@ripe.net/
[routing-wg]2008-04 New Policy Proposal (Using the Resource Public Key Infrastructure to Construct Validated IRR Data)
- Previous message (by thread): [routing-wg]2008-04 New Policy Proposal (Using the Resource Public Key Infrastructure to Construct Validated IRR Data)
- Next message (by thread): [routing-wg]2008-04 New Policy Proposal (Using the Resource Public Key Infrastructure to Construct Validated IRR Data)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Geoff Huston
gih at apnic.net
Tue Apr 29 23:54:16 CEST 2008
Rob Evans wrote: > Folks, > >> PDP Number: 2008-04 >> Using the Resource Public Key Infrastructure to Construct Validated >> IRR Data > > We have ourselves a policy proposal. :) > > The discussion here should concentrate on whether it is useful to > construct an IRR out of certified resources placed in the RPKI. > It may also be useful to consider this in the light of alternative approaches where the RPSL object is signed by the resource holder, using a signing certificate that is validatable in the context of a resource PKI. In this case the certificates in the RPKI would be used to validate that the object that was retrieved from the IRR was signed by the current holder of the resources that are described in the object, has not been altered or tampered in any way, and that trust in the validity of the object is no longer based just on the admission and management policies of the registry. Using digitally signed attestations to synthesise IRR objects, as per this proposal, and adding digital signatures to the IRR objects appear to be alternate paths in the overall direction of adding some mechanisms of explicit validation of IRR objects. What classes of IRR objects could be generated using the approach of generating IRR objects from RPKI data? regards, Geoff
- Previous message (by thread): [routing-wg]2008-04 New Policy Proposal (Using the Resource Public Key Infrastructure to Construct Validated IRR Data)
- Next message (by thread): [routing-wg]2008-04 New Policy Proposal (Using the Resource Public Key Infrastructure to Construct Validated IRR Data)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]