BGP certificate insanity was: (DHS insanity - offtopic)
Joe Abley
jabley at ca.afilias.info
Tue Apr 24 09:30:35 UTC 2007
On 24-Apr-2007, at 10:15, <michael.dillon at bt.com> wrote:
>> You might try taking a look at the various presentations at
>> NANOG/RIPE/ARIN/
>> APNIC/APRICOT about the whole idea. Central point: the
>> entity that gives
>> you a suballocation of its own address space signs something
>> that says you
>> now hold it.
>
> If the whois directories actually operated under some set of
> guidelines
> defining their purpose and scope which was enforced by the directory
> publishers, then there would be no need for this certificate nonsense.
How can anybody be sure that the random peering tech they are talking
to really works for the organisation listed in the whois record? By
visual inspection of the e-mail address? A faxed LOA on company
letterhead?
Given a polished toolset, I'd take a signed ROA over any of those.
Joe
More information about the NANOG
mailing list