[routing-wg]2008-04 New Policy Proposal (Using the Resource Public Key Infrastructure to Construct Validated IRR Data)

Randy Bush wrote:
>> It may also be useful to consider this in the light of alternative 
>> approaches where the RPSL object is signed by the resource holder, 
>> using a signing certificate that is validatable in the context of a 
>> resource PKI.
> 
> who signs as-set:?  

If the as-set has a hierarchical name (as described in RFC 2725 and possibly elsewhere) then the signer would be the AS holder of the AS named in the hierarchical name form, wouldn't it?


> how does maintainer map to anything in rpki?

I would've thought, after looking through the RFCs that explored this topic back in 1999 - 2000, that the maintainer of a inetnum object would be the address holder, the maintainer of the aut-num object would be the as number holder, and the maintainer of the route object would be the address holder, which would map back into the RPKI

 ...  as
> i said, bad impedance mismatch.

I'm not sure I can agree with this assertion at this stage.


>> What classes of IRR objects could be generated using the approach of
>> generating IRR objects from RPKI data?
> 
> route:

I'm still wondering if that is a sufficient subset of the IRR information set.


regards,

   Geoff