### On Fri, 11 Jan 2002 14:45:35 -0500 (EST), Tony Tauber ### <ttauber@genuity.net> casually decided to expound upon nanog@merit.edu ### the following thoughts about "SSL for IRR queries?": TT> If there's a desire to trust information garnered TT> from the Internet Routing Registry (eg. RADB, RIPE), TT> it would seem that one would like a way to verify TT> the server responding to queries. There is implimentation work being done for rps-auth (RFC2725) by RIPE, Merit and others I believe. This should ensure authenticated integrity of the data. If it's query-time man-in-the-middle type attacks one is worried about then an implimentation of rps-dist (RFC2769) addresses that issue which I believe is being done by RIPE, Merit and others as well. I had heard it was moved to a lower priority than implimenting rps-auth however. Perhaps someone from the RIPE db-wg could comment. -- /*===================[ Jake Khuon <khuon@NEEBU.Net> ]======================+ | Packet Plumber, Network Engineers /| / [~ [~ |) | | --------------- | | for Effective Bandwidth Utilisation / |/ [_ [_ |) |_| N E T W O R K S | +=========================================================================*/