Ryan Shea wrote on 22-09-2009 19:55: [...] > and potentially their trusted status. What entices an RIR toward > vigilance as they validate the supposedly authorized origin of a prefix? >
First of all, validation is performed by a relying party, for instance an ISP. Secondly, the RIRs do not authorise the origin of a prefix, that is done by a prefix holder. What the RIRs and LIRs and all other parties in the chain of resource allocation do is attest to the that at the time of issuance of a certificate the holder of the address space listed in the extensions demonstrated possession of the private key. These basic RPKI data can be used in other application, securing routing, for instance. > Ryan Shea > Senior Engineer, Network and Info Security > Verizon Business > Regards, Andrei > > ------------------------------------------------------------------------ > > _______________________________________________ > sidr mailing list > sidr@ietf.org > https://www.ietf.org/mailman/listinfo/sidr _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
