% Please note that at present our certificates are used for identifying % member staff to access internal aplication (MyAPNIC), so the subject of % third-party trust issues may not yet apply. By the time 3rd parties % become involved (eg allocation/route certification), we would certainly % have more standard CA/PKI structures in place. % % This is a new area for most of us, and we are very open to advice and % input from the community. % % Cheers, % Sanjaya % APNIC CA Project Manager of interest to me is the presumption that all interaction between parties is assumed to be via http applications, e.g. the need to install a cert into your browser. last time I checked, many/most RIRs supported a variety of methods for interaction w/ their customers. I'd like to see how the use of x509 certs would be applicable/palatable to other applications. It would be useful to also have more clarification on how bootstraping is to be done. I tend to chnage hardware/software every 6 months or so and have a tough time keeping up w/ all the existing pswds/keys that the various systems use/expect. I will forget/lose any pswd/key at least once. --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise).