Hijacked IP space.
Larry J. Blunk
ljb at merit.edu
Tue Nov 4 16:40:57 UTC 2003
On Tue, 2003-11-04 at 10:51, Randy Bush wrote:
> > Those options are not mutually exclusive, and, while I agree that
> > it would be better if the RIR's accepted generic GPG keys along
> > the lines of what RADB does, the X.509 certificate is not a bad
> > first step. At least it's better than Mail-From or Crypt-PW.
> >>>> Should we, as a community, register with RIR's with PGP.
> >>> Each of the RIRs has either already established, or is in the
> >>> process of establishing, a CA for that purpose. Please use
> >>> them.
> >> thanks, but i choose to have my peers certify my identity, not the
> >> rirs
>
> the rirs already accept pgp certs. and i use them, as do all
> security-conscious registrants. i was disagreeing with woody's
> pushing x.509 certs to the exclusion of pgp certs.
>
> randy
> ---
I would note that the RIPE NCC, while implementing X.509 support,
is moving away from the concept of running their own CA. Their
X.509 support will be very "PGP-like". See the following for details -
http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-db-x509.pdf
More information about the NANOG
mailing list