[ncc-services-wg] RPKI Resource Certification: building features

Owen DeLong owen at delong.com
Mon Oct 4 02:38:52 UTC 2010


On Oct 3, 2010, at 7:26 PM, Randy Bush wrote:

>> Do you think there is value in creating a system like this?
> 
> yes.  though, given issues of errors and deliberate falsifications, i am
> not entirely comfortable with the whois/bgp combo being considered
> formally authoritative.  but we have to do something.
> 
>> Are there any glaring holes that I missed
> 
> yes.  the operator should be able to hold the private key to their
> certificate(s) or the meaning of 'private key' and the security
> structure of the [ripe part of the] rpki is broken.
> 
> randy

I'll go a step further and say that the resource holder should be
the ONLY holder of the private key for their resources.

Owen




