[ppml] ARIN Certificates
Geoff Huston
gih at apnic.net
Thu Apr 21 22:51:39 EDT 2005
At 09:04 AM 22/04/2005, Randy Bush wrote:
> > well some considerations of getting this thing done as opposed to talking
> > about it says to me that we run with what should work now, which says
> to me
> > that an NRO root cert makes sense in the first instance.
>
>i suspect that isps will be signing requests for number space, for
>domain names, to attest to bgp announcements, ... within the isp,
>one will have the isp's cert signing certs for these many different
>roles. it would be cool if the isp needed only one isp cert to be
>able to use it to sign the certs for all the roles. at the moment,
>the iana is the only place where all these roles converge.
>
>otoh, i do understand your frustration at even contemplating what
>it would take to get the iana to understand the job and to actually
>be able to execute it with useful rigor and alacrity.
In recent times IANA has been careful to take the time to understand the
implications of undertaking new tasks and roles and has many calls on its
resources. So I was voicing the opinion that it may be preferable to
commence such a role with the resources we have at hand.
Of course if you believe that rooting these certs at IANA as the root CA
here from the start is essential, I'd be keen to understand the nature of
requirement, and if that's the case then we probably need to exercise some
patience to pull all this together,
regards,
Geoff
More information about the ARIN-PPML
mailing list