North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BGP certificate insanity was: (DHS insanity - offtopic)

  • From: Joe Abley
  • Date: Tue Apr 24 05:36:59 2007



On 24-Apr-2007, at 10:15, <michael.dillon@xxxxxx> wrote:

You might try taking a look at the various presentations at
NANOG/RIPE/ARIN/
APNIC/APRICOT about the whole idea.  Central point: the
entity that gives
you a suballocation of its own address space signs something
that says you
now hold it.

If the whois directories actually operated under some set of guidelines
defining their purpose and scope which was enforced by the directory
publishers, then there would be no need for this certificate nonsense.

How can anybody be sure that the random peering tech they are talking to really works for the organisation listed in the whois record? By visual inspection of the e-mail address? A faxed LOA on company letterhead?


Given a polished toolset, I'd take a signed ROA over any of those.


Joe