On Oct 3, 2010, at 7:26 PM, Randy Bush wrote:

>> Do you think there is value in creating a system like this?
>
> yes. though, given issues of errors and deliberate falsifications, i am
> not entirely comfortable with the whois/bgp combo being considered
> formally authoritative. but we have to do something.
>
>> Are there any glaring holes that I missed
>
> yes. the operator should be able to hold the private key to their
> certificate(s) or the meaning of 'private key' and the security
> structure of the [ripe part of the] rpki is broken.
>
> randy

I'll go a step further and say that the resource holder should be the ONLY holder of the private key for their resources.

Owen