Rob Evans wrote:
Folks,
PDP Number: 2008-04 Using the Resource Public Key Infrastructure to Construct Validated IRR Data
We have ourselves a policy proposal. :)
The discussion here should concentrate on whether it is useful to construct an IRR out of certified resources placed in the RPKI.
It may also be useful to consider this in the light of alternative approaches where the RPSL object is signed by the resource holder, using a signing certificate that is validatable in the context of a resource PKI. In this case the certificates in the RPKI would be used to validate that the object that was retrieved from the IRR was signed by the current holder of the resources that are described in the object, has not been altered or tampered in any way, and that trust in the validity of the object is no longer based just on the admission and management policies of the registry. Using digitally signed attestations to synthesise IRR objects, as per this proposal, and adding digital signatures to the IRR objects appear to be alternate paths in the overall direction of adding some mechanisms of explicit validation of IRR objects. What classes of IRR objects could be generated using the approach of generating IRR objects from RPKI data? regards, Geoff