27 May
2020
27 May
'20
10:16 a.m.
Hi,
On Wed, May 27, 2020, at 13:54, Christopher Munz-Michielin via 44Net wrote:
Happy to help set things up. From a technical
perspective it would be
relatively straightforward, the challenge is in getting the 44net trust
anchor included by all the major RPKI vendors and networks. I'm not
sure where to begin on that side.
You'd need to publish a "Certification Practice Statement" and adhere to the
procedures described in that document, then RPKI vendors are able to understand the nature
of the service and can test how it would interact with their existing systems. As an
example: my expectation would be that network operators require the Trust Anchor's
top-level certificate to immediately narrow its claimed certification authority to the
44net blocks themselves and nothing else.
We should note there currently is no industry-recognized procedure to establish and
globally recognize new RPKI Trust Anchors, other than perhaps ICANN's ICP-2 process.
In summary: I expect that setting up RPKI services for 44net will be costly to operate and
a lot of paperwork. I'm not saying this to discourage you, just to help recognise that
it would be a significant project.
Kind regards,
Job