On Tue, 2003-11-04 at 10:51, Randy Bush wrote:
Those options are not mutually exclusive, and, while I agree that it would be better if the RIR's accepted generic GPG keys along the lines of what RADB does, the X.509 certificate is not a bad first step. At least it's better than Mail-From or Crypt-PW.
Should we, as a community, register with RIR's with PGP. Each of the RIRs has either already established, or is in the process of establishing, a CA for that purpose. Please use them. thanks, but i choose to have my peers certify my identity, not the rirs
the rirs already accept pgp certs. and i use them, as do all security-conscious registrants. i was disagreeing with woody's pushing x.509 certs to the exclusion of pgp certs.
randy ---
I would note that the RIPE NCC, while implementing X.509 support, is moving away from the concept of running their own CA. Their X.509 support will be very "PGP-like". See the following for details - http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-db-x509.pdf