What if PeeringDB would be the CA for the Facilities? Supposedly this solves the CA problem of the "Colo Folks".
I think pushing your security identification out (as the notional equinix) to a third party where you can't revoke/change/etc is asking for dangerous things to happen.
there are a few examples of industry associations with simple, strong, and formal ties sufficient to allow forms of trust automation. folk such as karen o'donoghue, lucy lynch, and heather flanagan would be able to speak vastly more knowledgeably in this space than i.
again, that draft is a... draft still and I"m sure we'll have a bunch of chatter/discussion/changes before done, but it smells like it might help.
you might notice that we use it in draft-ietf-opsawg-finding-geofeeds. but that application is specifically to use rpki data to attest to ip address ownership. the problem there is that the draft is a cool proof of concept, but is not operationally easy to use. randy --- randy@psg.com `gpg --locate-external-keys --auto-key-locate wkd randy@psg.com` signatures are back, thanks to dmarc header mangling