Opteamax GmbH wrote:
On 16.06.2013 18:49, Florian Weimer wrote:
* Jens Ott:
IMHO the whole system only makes sense when it is open for all resources!
Wouldn't this mean that ARIN (or LACNIC or ...) could issue resource certification for resources allocated to you by RIPE NCC?
Resource certification outside the regular hierarchical model can get very messy. (That's probably the most significant advantage of DNSSEC over the out-of-tree browser PKI.)
Maybe the context was not pointed out well enough in my post. I was talking about making RPKI available for RIPE-PI-Space identically as for RIPE-PA, not about signing ARIN, LACNIC or whatever space... The hierarchical model should be kept in my opinion ...
Maybe initially, while the "market penetration" is not big, yet. But keeping the "traditional" single-root hierarchy also means keeping the single point / paths of failure.
BR Jens
I am somewhat relieved that I learned today that the IETF is supposedly working on extensions to the current formats. This c|would then support multiple roots / certificates / whatever we need. Wilfried.
-- Jens Ott
Opteamax GmbH
Simrockstr. 4b 53619 Rheinbreitbach
Tel.: +49 2224 969500 Fax: +49 2224 97691059 Email: jo@opteamax.de
HRB: 23144, Amtsgericht Montabaur Umsatzsteuer-ID.: DE264133989