Hello List, I'm still a bit confused, what I've to do with this new certification approach. My LIR portal user has the "certification" permission. When I'm clicking on "certification" in the left pane, it says me that I don't have a CA yet. Well of course not. Not in the Internet. Do I need to create a CA over the portal frontend? And if yes, do I have to provide a server running a CA service in the Internet? Somehow I jumped around some sites and reached the following messages inside the LIR portal: "Congratulations! You now have a digital certificate covering your Provider Aggregatable (PA) address space." Well now I'm totally confused. Does that mean, that my resources are certified already? Hope some of you can help to bring some clarity to me about this topic. Thanks&Regards Alexander Koeppe This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you must not copy this message or attachment or disclose the contents to any other person. If you have received this transmission in error, please notify the sender immediately and delete the message and any attachment from your system. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not accept liability for any omissions or errors in this message which may arise as a result of E-Mail-transmission or for damages resulting from any unauthorized changes of the content of this message and any attachment thereto. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not guarantee that this message is free of viruses and does not accept liability for any damages caused by any virus transmitted therewith. Click http://disclaimer.merck.de to access the German, French, Spanish and Portuguese versions of this disclaimer.
Hello Alexander, On 3 Jan 2011, at 13:07, Alexander.Koeppe@merck.de wrote:
Hello List,
I'm still a bit confused, what I've to do with this new certification approach.
My LIR portal user has the "certification" permission. When I'm clicking on "certification" in the left pane, it says me that I don't have a CA yet. Well of course not. Not in the Internet. Do I need to create a CA over the portal frontend? And if yes, do I have to provide a server running a CA service in the Internet?
The resource certification service is solely a hosted platform at the moment. It means that you create a Certificate Authority for your address space on our system. We take care of all of the crypto operations like signing, re-signing, etc. as well as publication of certificates and ROAs. The ability to run your own Certificate Authority on your own systems, which interacts with ours, will be introduced later in 2011.
Somehow I jumped around some sites and reached the following messages inside the LIR portal:
"Congratulations! You now have a digital certificate covering your Provider Aggregatable (PA) address space."
Well now I'm totally confused. Does that mean, that my resources are certified already?
Yes, clicking 'I agree. Certify my resources.' on the Terms and Conditions page creates a resource certificate for all of your Provider Aggregatable address space. The only thing you have to do now is create Route Origin Authorisation specifications, indicating from which Autonomous System(s) you will be announcing your prefixes. Creation and publication will happen automatically. After this, anyone will be able to validate if your BGP announcements have a valid ROA attached to them, using one of the validation tools: http://www.ripe.net/certification/validation/ Kind regards, Alex Band
participants (2)
-
Alex Band -
Alexander.Koeppe@merck.de