Re: [ncc-services-wg] RPKI Resource Certification: building features

2010-10-05 Thread Randy Bush
alex, i am not gonna argue with you. 96% of your users will be happy for you to do everything for them, despite the fact that the wrong holder has the keys (and, as john says, the liability). but 96% of your address space, i.e. the large holders, will want to hold their own keys and talk up/dow

Re: [ncc-services-wg] RPKI Resource Certification: building features

2010-10-05 Thread Alex Band
On 4 Oct 2010, at 23:18, Randy Bush wrote: 1) We have not implemented support for this yet. We plan to go live with the fully hosted version first and extend it with support for non-hosted systems around Q2/Q3 2011. this is a significant slip from the 1q11 we were told in prague. care to expl

Re: [ncc-services-wg] RPKI Resource Certification: building features

2010-10-04 Thread Randy Bush
> 1) We have not implemented support for this yet. We plan to go live
> with the fully hosted version first and extend it with support for
> non-hosted systems around Q2/Q3 2011.

this is a significant slip from the 1q11 we were told in prague. care to explain.

> Randy Bush who is cc-ed may be ab

Re: [ncc-services-wg] RPKI Resource Certification: building features

2010-10-04 Thread Owen DeLong
>>
>> No... I'm saying that if ISPs aren't the only entities that hold their
>> private keys, then they aren't the only entities that can sign their
>> resources.
>
> The hosted system that we created uses Hardware Signing Modules (HSM)
> for generating keys and signing operations. By design it i

Re: [ncc-services-wg] RPKI Resource Certification: building features

2010-10-04 Thread Owen DeLong
>
>> I'll go a step further and say that the resource holder should be
>> the ONLY holder of the private key for their resources.
>>
>> Owen
>
> If you're saying that ISPs can only participate in an RPKI scheme if they
> run their own Certificate Authority, then I think that would practically
>

Re: [ncc-services-wg] RPKI Resource Certification: building features

2010-10-04 Thread Alex Band
On Mon, October 4, 2010 04:38, Owen DeLong wrote:
>
> On Oct 3, 2010, at 7:26 PM, Randy Bush wrote:
>
>>> Do you think there is value in creating a system like this?
>>
>> yes. though, given issues of errors and deliberate falsifications, i am
>> not entirely comfortable with the whois/bgp combo b

Re: [ncc-services-wg] RPKI Resource Certification: building features

2010-10-04 Thread mkarir
Hi Alex, We are trying to tackle a similar problem with the RADB. The approach we have taken is to build into the object management web portal an alerting system that provides alerts to a user when there is a mismatch between what is in the IRR and what is observed in BGP. Right next to

Re: [ncc-services-wg] RPKI Resource Certification: building features

2010-10-03 Thread Owen DeLong
On Oct 3, 2010, at 7:26 PM, Randy Bush wrote:
>> Do you think there is value in creating a system like this?
>
> yes. though, given issues of errors and deliberate falsifications, i am
> not entirely comfortable with the whois/bgp combo being considered
> formally authoritative. but we have to

Re: [ncc-services-wg] RPKI Resource Certification: building features

2010-10-03 Thread Randy Bush
> Do you think there is value in creating a system like this?

yes. though, given issues of errors and deliberate falsifications, i am not entirely comfortable with the whois/bgp combo being considered formally authoritative. but we have to do something.

> Are there any glaring holes that I miss