North American Network Operators Group

Re: Hijacked IP space.

  • From: Andrei Robachevsky
  • Date: Tue Nov 04 12:14:13 2003

Larry J. Blunk wrote:

> On Tue, 2003-11-04 at 10:51, Randy Bush wrote:
>
> Those options are not mutually exclusive, and, while I agree that
> it would be better if the RIR's accepted generic GPG keys along
> the lines of what RADB does, the X.509 certificate is not a bad
> first step.  At least it's better than Mail-From or Crypt-PW.
>
> Should we, as a community, register with RIR's with PGP.
> Each of the RIRs has either already established, or is in the
> process of establishing, a CA for that purpose.  Please use
> them.
> thanks, but i choose to have my peers certify my identity, not the
> rirs
> the rirs already accept pgp certs.  and i use them, as do all
> security-conscious registrants.  i was disagreeing with woody's
> pushing x.509 certs to the exclusion of pgp certs.
>
> randy
> ---
>
>    I would note that the RIPE NCC, while implementing X.509 support,
> is moving away from the concept of running their own CA.  Their
> X.509 support will be very "PGP-like".   See the following for details -
> http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-db-x509.pdf

Yes and no. For the RIPE Database authentication, pgp and x.509 will be equally accepted, with no CA involved as such. This is different from the x.509 certificates the RIPE NCC issues for the members, only to authenticate themselves while accessing RIPE NCC services.

Thanks,

Andrei Robachevsky
RIPE NCC