Larry J. Blunk wrote:
On Tue, 2003-11-04 at 10:51, Randy Bush wrote:
Those options are not mutually exclusive, and, while I agree that it would be better if the RIR's accepted generic GPG keys along the lines of what RADB does, the X.509 certificate is not a bad first step. At least it's better than Mail-From or Crypt-PW.
Should we, as a community, register with RIR's with PGP.
Each of the RIRs has either already established, or is in the process of establishing, a CA for that purpose. Please use them.
thanks, but i choose to have my peers certify my identity, not the rirs
the rirs already accept pgp certs. and i use them, as do all security-conscious registrants. i was disagreeing with woody's pushing x.509 certs to the exclusion of pgp certs.
randy ---
I would note that the RIPE NCC, while implementing X.509 support, is moving away from the concept of running their own CA. Their X.509 support will be very "PGP-like". See the following for details - http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-db-x509.pdf
Yes and no. For the RIPE Database authentication pgp and x.509 will be equally accepted with no CA involved as such. This is different from x.509 certificates the RIPE NCC issues for the members, only to authenticate themselves while accessing RIPE NCC services. Thanks, Andrei Robachevsky RIPE NCC