[ppml] ARIN Certificates

Geoff Huston gih at apnic.net
Thu Apr 21 22:51:39 EDT 2005

At 09:04 AM 22/04/2005, Randy Bush wrote:
> > well some considerations of getting this thing done as opposed to talking
> > about it says to me that we run with what should work now, which says 
> to me
> > that an NRO root cert makes sense in the first instance.
>i suspect that isps will be signing requests for number space, for
>domain names, to attest to bgp announcements, ...  within the isp,
>one will have the isp's cert signing certs for these many different
>roles.  it would be cool if the isp needed only one isp cert to be
>able to use it to sign the certs for all the roles.  at the moment,
>the iana is the only place where all these roles converge.
>otoh, i do understand your frustration at even contemplating what
>it would take to get the iana to understand the job and to actually
>be able to execute it with useful rigor and alacrity.

In recent times IANA has been careful to take the time to understand the 
implications of undertaking new tasks and roles and has many calls on its 
resources. So I was voicing the opinion that it may be preferable to 
commence such a role with the resources we have at hand.

Of course if you believe that rooting these certs at IANA as the root CA 
here from the start is essential, I'd be keen to understand the nature of 
requirement, and if that's the case then we probably need to exercise some 
patience to pull all this together,



More information about the ARIN-PPML mailing list