Randy Bush wrote:
<pedantry>
On 1 January 2011, the RIPE NCC will launch a hosted production system, which will allow all LIRs to generate a certificate of holdership,
not exactly. it will allow LIRs to ask NCC to generate a cert for the LIR's holdings.
Regarding the "ask" - one of my private comments regarding the proposed certification policy was to suggest that the NCC, upon request, MUST (in IETF terminology] issue such a certificate. :-)
which will be held in a repository maintained by the RIPE NCC.
along with the LIR's [not so} private keys. this is sorely broken.
Network operators will also be able to start making routing decisions based on the system as of this date. Further iterations of this system will be deployed over the coming 12 months, including the option for LIRs to host their own Certificate Authority and generate certificates for their own customers.
and hold their own private keys.
randy
Wilfried