In APNIC we use X.509 certificate to secure MyAPNIC (similar to LIR Portal). Having X.509 auth in the whois db would make a better integration with this facility.
Is this then being widely used? No issues with client support and configurations?
Hi Kurtis, We have about 450 certificates issued so far. On Windows platform client support works fine for all browsers (IE, Netscape, Opera, Mozilla). OS-X is ok with Netscape and Opera (Opera in OS-X has some problems in handling .css, but that's not X.509 related). Linux is fine with Netscape and Mozilla. The hardest thing is to get the requestor to send their photo-id! :-) which is required by our Certificate Practice Statement.
We have also been closely monitoring IETF's PKIX working group where there's an effort to certify ASN and internet addresses to protect routing announcements. This might eventually affect how the public will use the internet routing registry, which is also part or our whois database.
We expect X.509 will be used to make certified statements about resource allocation as part of S-BGP or SO-BGP and/or wider requirements for authoritative statements on resources
I am not following the PKIX WG. Do you have any links to information on this, or how this is planned to be implemented?
For the PKIX draft see: http://www.ietf.org/internet-drafts/draft-ietf-pkix-x509-ipaddr-as-extn- 01.txt On S-BGP check this site: http://www.ir.bbn.com/projects/sbgp/ On SoBGP: ftp://ftp-eng.cisco.com/sobgp/index.html Some comments on soBGP/sBGP: http://www.psg.com/~randy/030603.nanog-sxbgp.pdf http://www.nanog.org/mtg-0306/pdf/meyer.pdf Hope this helps. Cheers, Sanjaya
Best regards,
- - kurtis -