On Wed, 23 Nov 2005 16:39:11 -1000 Randy Bush <randy@psg.com> wrote:
[0] - i'll want the business cert to have the ca bit if i am large enough to have internal authorization process, and thus want to create and manage different certs for dns, billing, ...
We are discussing how we can do subsidiary certificate services like this in APNIC but I think this goes outside of routing policy and into registry business practices which are unlikely to be common for all RIR and NIR in the ways that resource certificates *have* to be.
if it is not common across registries, and if my certs do not work across registries, then something is very very broken, and a major pita at the isps', aka your members', expense.
randy
If you want to see member-certificates which gate access to RIR/NIR specific services common across all registries, I think you want to get that onto an RIR meeting agenda Randy. We currently have no cross-certification activity in member identity. cheers -George