> are you asking about something like this:
>   https://datatracker.ietf.org/doc/draft-spaghetti-sidrops-rpki-rsc/
> 
> Which COULD be used to, as an AS holder:
>   "sign something to be sent between you and the colo and your intended peer"
> 
> that you could sign (with your rpki stuffs) and your peer could also
> sign with their 'rpki stuffs', and which the colo provider could
> automatically validate and action upon final signature(s) received.

chris,

way back, the rirs were very insistent that their use of rpki authority
was most emphatically not to be considered an identity service.  this
permeated the design; e.g., organization names were specifically
forbidden in certificate CN, Subject Alternative Name, etc.

aside: of course a few rirs thought that *their* names should be in
their certs as exceptions.  i remember the laughter.

randy

---
[email protected]
`gpg --locate-external-keys --auto-key-locate wkd [email protected]`
signatures are back, thanks to dmarc header mangling
