Hi James,
Maybe its the fact that RIPE are providing the full solution as well as the ability to publish the information thats the issue, if rather than the NCC creating a tool for validation it just published the keys and the software tools for people to do the validation themselves then I might be happier.
Euhm. The NCC *are* publishing the tools to do the validation on your own system. The certificates are currently created and managed in a hosted environment on an NCC server. Once the Up/Down implementation is finished you can also host this part on your own server if you don't want all the private keys to be on an NCC server. Then you install your own validation/cache software on your own server that checks the certificates, and your routers pull their information from that cache. Then the route maps on the router determine what is done with that information. I think that Malcolm is afraid that governments will force ISPs to do this validation and route-mapping in a certain way that takes away freedom-of-choice about what to route and what not to route. Malcolm: please correct me if I am wrong. Sander