Wilfried Woeber wrote:
Nick Hilliard wrote: [...] The RPKI is meant to create, distribute and manage certificates for the routing plane, not as a digital signature of ownership, true?
Correction to self: ripe-549 1.4.1 says: "The certificates issued under this hierarchy are for authorisation in support of validation of claims of current holdings of address space and/or AS Numbers. With regard to routing security, an initial goal of this PKI is to allow the holder of a set of address blocks to be able to declare, in a secure fashion, the AS Number of each entity that is authorised to originate a route to these addresses, including the context of ISP proxy aggregation. Additional uses of the PKI, consistent with the basic goal cited above, are also permitted under this policy." while 1.4.2 says: "Any uses other than those described in section 1. 4. 1 are prohibited." which seems to be somewhat contradictory or at least inconsistent. and 1.3.2 seems to indicate that only RIPE NCC Members are eligible.
The authoritative source of information about holdership is the up-to-date Numbers Registry.
If this seems like a sensible and pragmatic approach to others, I can oblige from the policy proposal point of view. Or someone else can, if they want.
Nick
Wilfried. Wilfried