> Here's hoping that others follow your lead in replying promptly.
ok, if you really wish
> From: George Michaelson
> I believe this work is important and should continue, and be adopted
> by the WG as a deliverable. RPKI has the capability to provide PKI
> assurance over information which lies outside of BGP, as well as
> informing BGP, and I think constructing the appropriate formalisms
> over signing of RPSL objects will materially enhance trust in the
> statements made in RPSL, relating to internet number resources.
it's a pki and has keys. so the keys in it could be used to sign bank
transactions. that does not mean we should do so.
the trust model of the rpki is that of a hierarchy of prefix ownership.
the rpsl has objects for which prefixes have no authority. that the
rpsl has no inherent trust path has led to one being patched on in some
implementations in a rather half-assed manner. adding another
authorization model on top of that is not gonna make it any cleaner.
this is trying make a silk purse out of a sow's ear.
but you can put a sow's ear in a silk purse, well kinda
$ whois -h whois.rpki.net 147.28.0.0
route: 147.28.0.0/16
descr: 147.28.0.0/16-16
origin: AS3130
notify: [email protected]
mnt-by: MAINT-RPKI
changed: [email protected] 20130414
source: RPKI
randy, who was a poster child for the rps for many many years
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
