> The current effort will only allow for ipv6 objects > (route6/inet6num).
s/allow for/add support for/ i hope > We are using the same code that RIPE is using at http://certtest.ripe.net. > RIPE has been very kind to allow us to use their code. As for ARIN, > this is a pilot and is certainly not a final fixed-feature set. The > first go of this is the "hosted" solution where an ISP can come into > ARIN's pilot and create ROAs based off of allocations that they > have received from ARIN. > > All the ROAs will be placed into a rsync repository that can be retrieved > and validated. Specifically, here are the features that are a part of the > system: > > * Enables ARIN resource holders to request certificates for their IPv4 and > IPv6 Provider Aggregatable (PA) resources > * Enables ARIN resource holders to manage Route Origin Authorizations (ROAs) > for their PA address space > * Provides a public repository of certificates and ROAs > * Handles key rollovers and revocations the simple version of the question: who holds my private key(s)? the longer version: does this implement my having my own subsidiary CA with it communiciating with ARIN's and RIPE's ... using the protocols of the ietf sidr work? randy
