question about Mark Koster's ARIN presentation

Randy Bush randy at psg.com
Thu Jun 25 17:33:39 CDT 2009


> The current effort will only allow for ipv6 objects
> (route6/inet6num).

s/allow for/add support for/

i hope

> We are using the same code that RIPE is using at http://certtest.ripe.net.
> RIPE has been very kind to allow us to use their code.  As for ARIN,
> this is a pilot and is certainly not a final fixed-feature set. The
> first go of this is the "hosted" solution where an ISP can come into
> ARIN's pilot and create ROAs based off of allocations that they
> have received from ARIN. 
> 
> All the ROAs will be placed into a rsync repository that can be retrieved 
> and validated. Specifically, here are the features that are a part of the 
> system:
> 
> *  Enables ARIN resource holders to request certificates for their IPv4 and 
>    IPv6 Provider Aggregatable (PA) resources
> *  Enables ARIN resource holders to manage Route Origin Authorizations (ROAs) 
>    for their PA address space
> *  Provides a public repository of certificates and ROAs
> *  Handles key rollovers and revocations

the simple version of the question: who holds my private key(s)?

the longer version: does this implement my having my own subsidiary CA
with it communiciating with ARIN's and RIPE's ... using the protocols of
the ietf sidr work?

randy




More information about the NANOG mailing list