On 4 Oct 2010, at 23:18, Randy Bush wrote:
1) We have not implemented support for this yet. We plan to go live
with the fully hosted version first and extend it with support for
non-hosted systems around Q2/Q3 2011.
this is a significant slip from the 1q11 we were told in prague. care to
alex, i am not gonna argue with you.
96% of your users will be happy for you to do everything for them,
despite the fact that the wrong holder has the keys (and, as john says,
the liability).
but 96% of your address space, i.e. the large holders, will want to hold
their own keys and talk
Hi Alex,
We are trying to tackle a similar problem with the RADB. The approach
we have taken is to build into the object management web portal an
alerting system that provides alerts to a user when there is a mismatch
between what is in the IRR and what is observed in BGP. Right next to
No... I'm saying that if ISPs aren't the only entities that hold their
private keys, then they aren't the only entities that can sign their
resources.
The hosted system that we created uses Hardware Signing Modules (HSM)
for generating keys and signing operations. By design it is
I'll go a step further and say that the resource holder should be
the ONLY holder of the private key for their resources.
Owen
If you're saying that ISPs can only participate in an RPKI scheme if they
run their own Certificate Authority, then I think that would practically
ruin the
On Mon, October 4, 2010 04:38, Owen DeLong wrote:
On Oct 3, 2010, at 7:26 PM, Randy Bush wrote:
Do you think there is value in creating a system like this?
yes. though, given issues of errors and deliberate falsifications, i am
not entirely comfortable with the whois/bgp combo being
1) We have not implemented support for this yet. We plan to go live
with the fully hosted version first and extend it with support for
non-hosted systems around Q2/Q3 2011.
this is a significant slip from the 1q11 we were told in prague. care
to explain.
Randy Bush who is cc-ed may be able
Do you think there is value in creating a system like this?
yes. though, given issues of errors and deliberate falsifications, i am
not entirely comfortable with the whois/bgp combo being considered
formally authoritative. but we have to do something.
Are there any glaring holes that I
On Oct 3, 2010, at 7:26 PM, Randy Bush wrote:
Do you think there is value in creating a system like this?
yes. though, given issues of errors and deliberate falsifications, i am
not entirely comfortable with the whois/bgp combo being considered
formally authoritative. but we have to do
9 matches