Hijacked IP space.

Andrei Robachevsky andrei at ripe.net
Tue Nov 4 17:11:35 UTC 2003

Larry J. Blunk wrote:

> On Tue, 2003-11-04 at 10:51, Randy Bush wrote:
>>>Those options are not mutually exclusive, and, while I agree that
>>>it would be better if the RIR's accepted generic GPG keys along
>>>the lines of what RADB does, the X.509 certificate is not a bad
>>>first step.  At least it's better than Mail-From or Crypt-PW.
>>>>>>Should we, as a community, register with RIR's with PGP.
>>>>>Each of the RIRs has either already established, or is in the
>>>>>process of establishing, a CA for that purpose.  Please use
>>>>thanks, but i choose to have my peers certify my identity, not the
>>the rirs already accept pgp certs.  and i use them, as do all
>>security-conscious registrants.  i was disagreeing with woody's
>>pushing x.509 certs to the exclusion of pgp certs.
>    I would note that the RIPE NCC, while implementing X.509 support,
> is moving away from the concept of running their own CA.  Their
> X.509 support will be very "PGP-like".   See the following for details -
> http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-db-x509.pdf

Yes and no. For the RIPE Database authentication pgp and x.509 will be 
equally accepted with no CA involved as such. This is different from 
x.509 certificates the RIPE NCC issues for the members, only to 
authenticate themselves while accessing RIPE NCC services.


Andrei Robachevsky

More information about the NANOG mailing list