Hello Alexander, On 3 Jan 2011, at 13:07, Alexander.Koeppe@merck.de wrote:
Hello List,
I'm still a bit confused, what I've to do with this new certification approach.
My LIR portal user has the "certification" permission. When I'm clicking on "certification" in the left pane, it says me that I don't have a CA yet. Well of course not. Not in the Internet. Do I need to create a CA over the portal frontend? And if yes, do I have to provide a server running a CA service in the Internet?
The resource certification service is solely a hosted platform at the moment. It means that you create a Certificate Authority for your address space on our system. We take care of all of the crypto operations like signing, re-signing, etc. as well as publication of certificates and ROAs. The ability to run your own Certificate Authority on your own systems, which interacts with ours, will be introduced later in 2011.
Somehow I jumped around some sites and reached the following messages inside the LIR portal:
"Congratulations! You now have a digital certificate covering your Provider Aggregatable (PA) address space."
Well now I'm totally confused. Does that mean, that my resources are certified already?
Yes, clicking 'I agree. Certify my resources.' on the Terms and Conditions page creates a resource certificate for all of your Provider Aggregatable address space. The only thing you have to do now is create Route Origin Authorisation specifications, indicating from which Autonomous System(s) you will be announcing your prefixes. Creation and publication will happen automatically. After this, anyone will be able to validate if your BGP announcements have a valid ROA attached to them, using one of the validation tools: http://www.ripe.net/certification/validation/ Kind regards, Alex Band