LOAs for Cross Connects - Something like PeeringDB for XC

Randy Bush randy at psg.com
Mon Feb 22 18:39:16 UTC 2021

> are you asking about something like this:
>   https://datatracker.ietf.org/doc/draft-spaghetti-sidrops-rpki-rsc/
> Which COULD be used to, as an AS holder:
>   "sign something to be sent between you and the colo and your intended peer"
> that you could sign (with your rpki stuffs) and your peer could also
> sign with their 'rpki stuffs', and which the colo provider could
> automatically validate and action upon final signature(s) received.


way back, the rirs were very insistant that their use of rpki authority
was most emphatically not to be considered an identity service.  this
permeated the design; e.g., organization names were specifically
forbidden in certificate CN, Subject Alternative Name, etc.

aside: of course a few rirs thought that *their* names should be in
their certs as exeptions.  i remember the laughter.


randy at psg.com
`gpg --locate-external-keys --auto-key-locate wkd randy at psg.com`
signatures are back, thanks to dmarc header mangling

More information about the NANOG mailing list