[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
El 21/07/2006, a las 19:21, Francis Dupont escribió:
In your previous mail you wrote:
i think there is a misunderstanding here... by verification i am not
talking about the protocol to perform the verification, but the
process carried on by the Registration authority to verify that the
that is requesting the certificate actually owns the ip address
wants to include in the certificate. It is not the protocol
that i am refering to but the logistic perspective. What is the
administrative procedure to perform such verification. My point is
you need to build a different administrative setup to verify the
information included in this type of certificates...
=> in fact I believe it is easier than for names because the address
assignment is well organized: there is no choice because without
an address and some routes to your box you can't receive a packet.
I.e., there is no choice... The whole thing has to be provided by
the IANA-RIR-LIR-ISPs chain, exactly as RFC 3779 for routing (and
SEND) or as the reverse tree of the DNS.
But we are talking about something we know it shan't happen and
we really want to not rely on (:-)!
at least that it would imply an important deployment cost