Re: LOAs for Cross Connects - Something like PeeringDB for XC

[Randy Bush <randy () psg com>]

> > What if PeeringDB would be the CA for the Facilities?
> > Supposedly this solves the CA problem of the "Colo Folks".
>
> I think pushing your security identification out (as the notional
> equinix) to a third party where you can't revoke/change/etc is asking
> for dangerous things to happen.

there are a few examples of industry associations with simple, strong,
and formal ties sufficient to allow forms of trust automation.  folk
such as karen o'donoghue, lucy lynch, and heather flanagan would be able
to speak vastly more knowledgeably in this space than i.

> again, that draft is a... draft still and I"m sure we'll have a bunch
> of chatter/discussion/changes before done, but it smells like it might
> help.

you might notice that we use it in draft-ietf-opsawg-finding-geofeeds.
but that application is specifically to use rpki data to attest to ip
address ownership.  the problem there is that the draft is a cool proof
of concept, but is not operationally easy to use.

randy

---
randy () psg com
`gpg --locate-external-keys --auto-key-locate wkd randy () psg com`
signatures are back, thanks to dmarc header mangling