[dbwg] X.509 Extensions for IP Addresses and AS Identifiers
Paul Wilson
pwilson at apnic.net
Sun Apr 13 20:05:11 EDT 2003
We at APNIC believe that there is a fundamental problem with this draft, namely that it attempts to associate Internet resources with public key (i.e. identity) certificates, as if those resources are fundamentally bound to the holder of the certificate. This problem is reflected in the language of the document, which refers in many places to "ownership" of IP addresses and ASNs.

On the contrary, Internet resources are allocated on a lease/license basis which is asynchronous with creation or renewal of public key certs (under normal circumstances at least).

Under this draft, the recipient of resources issued over time by an RIR would need to

(a) maintain a whole set of X.509 certs (one for each resource allocation) and receive an additional public key cert with each new resource allocation; or

(b) maintain a single or smaller set of certs carrying all of their resource allocations, in which case they would be subject to repeated certificate revocation and reissue each time they received a new allocation.

We believe that the proposed extensions are better suited to Attribute Certificates, which are purpose-built for exactly this type of application.

Of course, both sets of extensions could be approved and used, with the disadvantage of having two "competing" ways of representing resource allocations.

Paul Wilson
APNIC.

> -----Original Message-----
> From: dbwg-request at arin.net [mailto:dbwg-request at arin.net] On Behalf Of Larry J. Blunk
> Sent: Saturday, 12 April 2003 1:25 AM
> To: dbwg at arin.net
> Subject: [dbwg] X.509 Extensions for IP Addresses and AS Identifiers
>
> There's an Internet Draft available from BBN Technologies which describes extensions to X.509 certificates to incorporate IP and AS allocation information. See --
> http://www.net-tech.bbn.com/sbgp/draft-ietf-pkix-x509-ipaddr-as-extn-00.txt
>
> This draft was produced as part of the Secure BGP project.
>
> Is there any consideration being given to supporting these extensions in ARIN's implementation of X.509?
>
> Regards,
> Larry Blunk
> Merit