Hi,

On Wed, Oct 23, 2013 at 05:00:08PM +0800, Nick Hilliard wrote:
> there's no way of necessarily knowing that the contact info in the ripe database is correct, even if the resources are correctly registered to the legal person described in the organisation object. This means that the RIPE NCC has no real way of knowing if J. Random end user is the correct contact for the PI resource, which means that it needs to devolve the initial stage of this authorisation to the sponsoring LIR. This probably sucks.

OTOH, for RPKI, do we really need to know *who* the user is? If - as Alex proposes - the system checks "is there an approved contractual relationship for the resource in question, *and* does the user have the necessary credentials to satisfy the mnt-routes: criteria for the object?", the ability to create ROAs would correspond to the ability to create route: objects - and since RPKI isn't certifying identity, but "this person is authorized to authorize routing for the resource", this sounds workable for me.

The bit "show me your credentials" is going to be interesting for PGP, but can be done ("show nonce, ask for signature on it, copy back to text field")...

Gert Doering
        -- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444           USt-IdNr.: DE813185279
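
The nonce flow sketched in the message above ("show nonce, ask for signature on it, copy back to text field"), combined with the two checks it rests on, as an added example that is not part of the original message or of any RIPE NCC code. All names (`RoaChallenge`, `EXAMPLE-MNT`, the 300-second lifetime, the result strings) are assumptions, and an HMAC stands in for PGP signature verification so the block runs with the standard library only.

```python
import hashlib, hmac, secrets, time

NONCE_TTL = 300  # seconds a challenge stays valid (assumed value)

class RoaChallenge:
    """Single-use nonces bound to one resource and one maintainer (hypothetical)."""

    def __init__(self, contracts, mnt_routes, verify_sig, clock=time.time):
        self.contracts = contracts    # resources with an approved contract
        self.mnt_routes = mnt_routes  # resource -> maintainers allowed by mnt-routes:
        self.verify_sig = verify_sig  # (maintainer, message, signature) -> bool
        self.clock = clock
        self.pending = {}             # nonce -> (resource, maintainer, expiry)

    def issue(self, resource, maintainer):
        nonce = secrets.token_urlsafe(32)
        self.pending[nonce] = (resource, maintainer, self.clock() + NONCE_TTL)
        return nonce

    def challenge_text(self, nonce, resource):
        # The signed text names the resource, so a signature cannot be
        # reused for a different prefix.
        return f"authorise-roa {resource} {nonce}".encode()

    def redeem(self, nonce, resource, maintainer, signature):
        entry = self.pending.pop(nonce, None)  # pop: one attempt, no replay
        if entry is None:
            return "unknown-or-replayed-nonce"
        if entry[:2] != (resource, maintainer):
            return "nonce-bound-elsewhere"
        if self.clock() > entry[2]:
            return "expired"
        if resource not in self.contracts:
            return "no-contract"
        if maintainer not in self.mnt_routes.get(resource, ()):
            return "not-in-mnt-routes"
        text = self.challenge_text(nonce, resource)
        return "ok" if self.verify_sig(maintainer, text, signature) else "bad-signature"

# Constructed demo data; HMAC stands in for the PGP signature check.
DEMO_KEYS = {"EXAMPLE-MNT": b"constructed-demo-key"}

def demo_sign(maintainer, message):
    return hmac.new(DEMO_KEYS[maintainer], message, hashlib.sha256).hexdigest()

def demo_verify(maintainer, message, signature):
    key = DEMO_KEYS.get(maintainer)
    return key is not None and hmac.compare_digest(demo_sign(maintainer, message), signature)
```

The decision depends only on the contract flag, the mnt-routes: membership and possession of the signing key, never on who the person is.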