> proof of identity > S(withRIRkey, AS_A_key, AS_A) > or > S(withwebofttrustkeys, AS_A_key, AS_A) > maybe Randy is saying this is two steps, not an "OR"
S(withRIRkey, someNonRIRidentity, asA) i.e. the rir attests that the entity whose identity is externally certified has been issued asA (or prefixP). the isp may have gotten their identity from thawte, some web of trust, or santa claus. the point, as smb notes, is that the public cert of the isp is given to the rir(s) as part of the business contract. it has no need to be rir-generated, though the rirs offering cert generation as a service will likely be useful to small lirs who have no other corporate buiness/privacy preferences. randy
