Hi,
On Wed, May 27, 2020, at 13:54, Christopher Munz-Michielin via 44Net wrote:
Happy to help set things up. From a technical perspective it would be relatively straightforward, the challenge is in getting the 44net trust anchor included by all the major RPKI vendors and networks. I'm not sure where to begin on that side.
You'd need to publish a "Certification Practice Statement" and adhere to the procedures described in that document, then RPKI vendors are able to understand the nature of the service and can test how it would interact with their existing systems. As an example: my expectation would be that network operators require the Trust Anchor's top-level certificate to immediately narrow its claimed certification authority to the 44net blocks themselves and nothing else.
We should note there currently is no industry-recognized procedure to establish and globally recognize new RPKI Trust Anchors, other than perhaps ICANN's ICP-2 process.
In summary: I expect that setting up RPKI services for 44net will be costly to operate and a lot of paperwork. I'm not saying this to discourage you, just to help recognise that it would be a significant project.
Kind regards,
Job