From louie at equinix.com Tue Apr 8 16:00:43 2003 From: louie at equinix.com (Louis Lee) Date: Tue, 8 Apr 2003 13:00:43 -0700 Subject: [dbwg] Am I lame or not? Message-ID: <20030408130043.A9837@nemo.corp.equinix.com> Ginny & Ed, Thank you for the update on the progress you've made on identifying lame delegations in the in-addr.arpa zone and getting the information updated or delegated servers corrected. I am assuming that the messages sent to the POCs already include a link to the FAQ: http://www.arin.net/registration/lame_delegations/ Does Registration Services get a lot of questions from POCs who obviously have not read the FAQ? Have you received many requests to assist in testing lameness? It may be useful to have an "Am I Lame or Not?" webpage to assist in performing a dig and interpreting results. I trust that y'all already have thoughts on what this webpage might look like. Please feel free to contact me directly if you're looking for suggestions and would like to move the discussion off the list. Of course, this doesn't help if the POC doesn't go to the ARIN website (to check the FAQ, etc). I do NOT think that this is a medium or high priority at all. Comments from others? Louie ------------------------------------------------------- Louis Lee louie at equinix.com Staff Network Engineer company: 650/513-7000 Equinix, Inc. desk: 650/513-7162 http://www.equinix.com/ fax: 650/513-7903 From timc at arin.net Tue Apr 8 17:17:21 2003 From: timc at arin.net (Tim Christensen) Date: Tue, 8 Apr 2003 17:17:21 -0400 (EDT) Subject: [dbwg] FWD: Suggestions regarding X.509 authentication process Message-ID: Message forwarded from non-dbwg subscriber follows. As a point of order, if you desire to discuss the issue with Owen, it is appropriate for the discussion to occur on dbwg for the benefit of all subscribers; I am notifying Owen thusly. Tim Based on the discussion at today's ARIN meeting and an off-line discussion with Tim Christensen (sp?), I'd like to suggest the following for the DBWG... In the process of implementing X.509 authentication, I think it is highly desirable to have the following: + Plan for implementing web-based submissions using X.509 authentication as an alternative to emailed templates. Preferably, this would be an HTTPS transaction. + Provide a web interface for users to fill-out, generate, and submit their CSR to ARIN. There should be no need for the end user to posess the means to generate a CSR. This wouldn't preclude email submission for users that do, but it would make it more convenient for those that don't (and, for many that do, it will simplify conformance of their CSR to ARIN's requirements.) If you want to involve me in further discussion of THIS issue, please CC me, as I am not subscribed to DBWG. Thanks, Owen DeLong owen at delong.com From ljb at merit.edu Fri Apr 11 11:24:43 2003 From: ljb at merit.edu (Larry J. Blunk) Date: Fri, 11 Apr 2003 11:24:43 -0400 Subject: [dbwg] X.509 Extensions for IP Addresses and AS Identifiers Message-ID: <20030411152444.0D0FD5DDB7@segue.merit.edu> There's an Internet Draft available from BBN Technologies which describes extensions to X.509 certificicates to incorporate IP and AS allocation information. See -- http://www.net-tech.bbn.com/sbgp/draft-ietf-pkix-x509-ipaddr-as-extn-00.txt This draft was produced as part of the Secure BGP project. Is there any consideration being given to supporting these extensions in ARIN's implementation of X.509? Regards, Larry Blunk Merit From pwilson at apnic.net Sun Apr 13 20:05:11 2003 From: pwilson at apnic.net (Paul Wilson) Date: Mon, 14 Apr 2003 10:05:11 +1000 Subject: [dbwg] X.509 Extensions for IP Addresses and AS Identifiers In-Reply-To: <20030411152444.0D0FD5DDB7@segue.merit.edu> Message-ID: <63B9746D4A92BF498D78584958F537E30A501A@lotus.exchange> We at APNIC believe that there is a fundamental problem with this draft, namely that it attempts to associate Internet resources with public key (ie identity) certificates, as if those resources are fundamentally bound to the holder of the certificate. This problem is reflected in the language of the document, which refers in many places to "ownership" of IP addresses and ASNs. On the contrary, Internet resources are allocated on a lease/license basis which is asynchronous with creation or renewal of public key certs (under normal circumstances at least). Under this draft, the recipient of resources issued over time by an RIR would need to (a) maintain a whole set of X.509 certs (one for each resource allocation) and receive an additional public key cert with each new resource allocation; or (b) maintain a single or smaller set of certs carrying all of their resource allocations, in which case they would be subject to repeated certificate revokation and reissue each time they received a new allocation. We believe that the proposed extensions are better suited to Attribute Certificates, which are purpose-built for exactly this type of application. Of course, both sets of extensions could be approved and used, with the disadvantage of having two "competing" ways of representing resource allocations. Paul Wilson APNIC. > -----Original Message----- > From: dbwg-request at arin.net [mailto:dbwg-request at arin.net] On > Behalf Of Larry J. Blunk > Sent: Saturday, 12 April 2003 1:25 AM > To: dbwg at arin.net > Subject: [dbwg] X.509 Extensions for IP Addresses and AS Identifiers > > > > There's an Internet Draft available from BBN Technologies > which describes extensions to X.509 certificicates to > incorporate IP and AS allocation information. See -- > http://www.net-tech.bbn.com/sbgp/draft-ietf-pkix-x509-ipaddr-as-extn-00.txt This draft was produced as part of the Secure BGP project. Is there any consideration being given to supporting these extensions in ARIN's implementation of X.509? Regards, Larry Blunk Merit From edlewis at arin.net Wed Apr 16 16:52:04 2003 From: edlewis at arin.net (Edward Lewis) Date: Wed, 16 Apr 2003 16:52:04 -0400 Subject: [dbwg] X.509 Extensions for IP Addresses and AS Identifiers In-Reply-To: <20030411152444.0D0FD5DDB7@segue.merit.edu> References: <20030411152444.0D0FD5DDB7@segue.merit.edu> Message-ID: As far as whether "any consideration [is] being given to supporting these extensions in ARIN's implementation of X.509?" Stopping well short of saying that whether ARIN will commit to implementing (or deploying) these extensions or not, we are looking at them - and other options. As Paul Wilson stated, in APNIC's experience, they have noticed "a fundamental problem with this draft" as described in his reply. Although we are continuing our research into this, it appears unlikely that we will implement to the (now-expired) internet draft based (at least) on APNIC's input. Also, note that document is expired and it is 'just' an internet draft. If/when a new version is distributed, it we will consider it. It is always risky committing to implementing anything based on an IETF internet draft, as such a document hasn't completed a full review by the IETF community. And, of course, if we are asked for input on that document and we happen to have something to contribute, we will. At 11:24 -0400 4/11/03, Larry J. Blunk wrote: > There's an Internet Draft available from BBN Technologies >which describes extensions to X.509 certificicates to >incorporate IP and AS allocation information. See -- > >http://www.net-tech.bbn.com/sbgp/draft-ietf-pkix-x509-ipaddr-as-extn-00.txt > > This draft was produced as part of the Secure BGP project. >Is there any consideration being given to supporting these >extensions in ARIN's implementation of X.509? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-703-227-9854 ARIN Research Engineer "I'm sorry, sir, your flight is delayed for maintenance. We are pounding out the dents from the last landing." From sanjaya at apnic.net Wed Apr 16 21:27:20 2003 From: sanjaya at apnic.net (Sanjaya) Date: Thu, 17 Apr 2003 11:27:20 +1000 Subject: [dbwg] X.509 Extensions for IP Addresses and AS Identifiers In-Reply-To: Message-ID: <001501c30480$7dc89c10$a71d0cca@assanjaya> Hi all, As a background information, attached is the mail sent on June 2002 from APNIC secretariat to the authors of the document outlining the issues we have with the original draft. In general APNIC is supportive to the idea of issuing certificates with IP address/ASN delegation authority extensions to support secure routing announcements. Hope this helps. Cheers, Sanjaya CA Project Manager, APNIC > -----Original Message----- > From: dbwg-request at arin.net [mailto:dbwg-request at arin.net] On > Behalf Of Edward Lewis > Sent: Thursday, 17 April 2003 6:52 AM > To: Larry J. Blunk > Cc: dbwg at arin.net > Subject: Re: [dbwg] X.509 Extensions for IP Addresses and AS > Identifiers > > > As far as whether "any consideration [is] being given to supporting > these extensions in ARIN's implementation of X.509?" > > Stopping well short of saying that whether ARIN will commit to > implementing (or deploying) these extensions or not, we are looking > at them - and other options. As Paul Wilson stated, in APNIC's > experience, they have noticed "a fundamental problem with this draft" > as described in his reply. Although we are continuing our research > into this, it appears unlikely that we will implement to the > (now-expired) internet draft based (at least) on APNIC's input. > > Also, note that document is expired and it is 'just' an internet > draft. If/when a new version is distributed, it we will consider it. > It is always risky committing to implementing anything based on an > IETF internet draft, as such a document hasn't completed a full > review by the IETF community. > > And, of course, if we are asked for input on that document and we > happen to have something to contribute, we will. > > At 11:24 -0400 4/11/03, Larry J. Blunk wrote: > > There's an Internet Draft available from BBN Technologies > >which describes extensions to X.509 certificicates to > >incorporate IP and AS allocation information. See -- > > > >http://www.net-tech.bbn.com/sbgp/draft-ietf-pkix-x509-ipaddr- as-extn-00.txt > > This draft was produced as part of the Secure BGP project. >Is there any consideration being given to supporting these >extensions in ARIN's implementation of X.509? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-703-227-9854 ARIN Research Engineer "I'm sorry, sir, your flight is delayed for maintenance. We are pounding out the dents from the last landing." -------------- next part -------------- An embedded message was scrubbed... From: "Sanjaya" Subject: draft-ietf-pkix-x509-ipaddr-as-extn (proposed changes) Date: Mon, 3 Jun 2002 15:49:05 +1000 Size: 271378 URL: From memsvcs at arin.net Wed Apr 23 15:29:59 2003 From: memsvcs at arin.net (Member Services) Date: Wed, 23 Apr 2003 15:29:59 -0400 (EDT) Subject: [dbwg] Querying ARIN's WHOIS: New Training Available Message-ID: As part of the continuing effort to provide education and training to the ARIN community, a computer-based training (cbt) module which is focused on query building within ARIN's WHOIS is now available on the ARIN website. This training module which was released at the ARIN XI meeting in Memphis, Tennessee can be found at the following URL: http://www.arin.net/library/training/WHOIS_CBT/index.html. This training module provides the skills needed to efficiently query the ARIN WHOIS database. Self contained units show users how to create both simple and complex queries as well as how to interpret the output from these queries. Both novice and experienced users are served by this training module. Novice users will benefit from completing the entire program in sequential order while experienced users can hone specific query skills by selecting applicable units. As always, ARIN is interested in hearing your feedback. Please take a moment to look over the training module and send any feedback you may have to training at arin.net. A reminder: ARIN's Database and Templates, the first cbt, explains the features of the ARIN database, areas of authority, and provides an overview of the ARIN templates. You will find it at: http://www.arin.net/library/training/DBTC_CBT/index.html Regards, ARIN Member Services