[ncc-services-wg] RPKI Resource Certification: building features

Randy Bush randy at psg.com
Mon Oct 4 02:26:27 UTC 2010


> Do you think there is value in creating a system like this?

yes.  though, given issues of errors and deliberate falsifications, i am
not entirely comfortable with the whois/bgp combo being considered
formally authoritative.  but we have to do something.

> Are there any glaring holes that I missed

yes.  the operator should be able to hold the private key to their
certificate(s) or the meaning of 'private key' and the security
structure of the [ripe part of the] rpki is broken.

randy



