[ppml] Verifying the title to an IP address block

Christopher Morrow christopher.morrow at gmail.com
Tue Jul 24 11:22:23 EDT 2007


On 7/24/07, Owen DeLong <owen at delong.com> wrote:

>
>         1.      IANA signs all delegations with a well-known key
>                 in a way that strongly identifies the recipient.
>
>         2.      Each RIR would sign its allocations/assignments in
>                 a way that strongly identifies the direct recipient.
>
>         3.      This chain would continue until finally the end-user
>                 was identified.
>
>         4.      A mechanism should be built to enable DNS RRs
>                 to reflect IP/ASN tuples signed by both the Address
>                 and the ASN holders, reflecting the chain of
>                 authority for each.

i agree with all of the  above save #4... Only because I don't see it
being feasible in a 'light weight manner' (from the ops perspective)
in the short term and because it seems bolted onto the side of the
larger initial goal which was some cert-chain down to the
end-delegation.  I believe Sandy Miller had some slide-ware on this
very thing actually?

-Chris



More information about the ARIN-PPML mailing list