3 RIR RIR APNIC 1. 2. MyAPNIC RIPE NCC 1. 2. LIR Portal ARIN
3. RIR 3.1. RIR Regional Internet Registry APNIC Asia Pacific Network Information Centre RIR RIPE NCC Réseaux IP Européens Network Coordination Centre APNIC RIPE NCC RIR JPNIC APNIC RIPE NCC RIR ARIN American Registry for Internet Numbers RIR MAIL-FROM CRYPT-PW MD5 PGPKEY 3-1 3-1 APNIC mntner 1 NONE MAIL-FROM CRYPT-PW MD5 PGPKEY UNIX crypt 8 UNIX md5 65 CRYPT-PW CRYPT-PW MD5 DES Unix crypt md5 1 Authentication options for maintainer objects http://www.apnic.net/db/ref/attributes/mntner/auth-mntner.html
RIR whois CRYPT-PW 8 MD5 PGPKEY PGPKEY 3-2 3-2 NONE MAIL-FROM CRYPT-PW MD5 PGPKEY PGPKEY PGP whois RIR PGP PKI APNIC RIPE NCC ARIN
3.2. RIR PKI APNIC RIPE NCC PKI Public-Key Infrastructure ARIN PKI 3.2.1. PKI PKI Certificate Authority CA EE CA EE EE CA EE EE EE 3.2.1.1. CA CA RIR 3.2.1.2. EE CA SSL/TLS CA EE CA CA CA 3.2.1.3. EE EE CA
EE CA CA EE 3.2.1.4. EE CRL Certificate Revocation List OCSP Online Certificate Status Protocol 3.2.1.5.
3.3. APNIC APNIC Asia Pacific Network Information Centre APNIC RIR APNIC 1999 PKI 1999 Scoping Project 2000 Pilot Project APNIC MyAPNIC MyAPNIC PKI 3.3.1. MyAPNIC APNIC ( APNIC CA ) APNIC MyAPNIC MyAPNIC SSL/TLS 3-1
APNIC CA 1. Install CA certificate 2. Certificate request 3. Use of service APNIC User My APNIC protected by SSL/TLS 3-1 MyAPNIC MyAPNIC APNIC CA 3.3.2. EE CA APNIC CA 3-2
Copyright APNIC Pty Ltd Reproduced with permission. For further information see http://www.apnic.net/ 3-2 APNIC 2 APNIC 3-3 Mozilla CA 2 How to obtain a certificate from APNIC https://www.apnic.net/ca/obtain.html
3-3 www.apnic.net APNIC CA 3-4 CA APNIC CA
3-4 APNIC CA Mozilla Firefox 3-5 3-5 APNIC CA Mozilla Firefox
3.3.3. EE APNIC CA APNIC CA 3-6 Copyright APNIC Pty Ltd Reproduced with permission. For further information see http://www.apnic.net/ 3-6 FAX 3-3 3 3 APNIC Certificate Request Form https://www.apnic.net/ca/apnic-crf.pdf
3-3 Identification document Your full name Your email address The name of organization APNIC account name Passwd ID APNIC 3.3.4. EE APNIC CA RA IA 3.3.3 APNIC CA 3.3.5. MyAPNIC 3-7
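MyAPNIC Resource management IPv4 IPv6 AS number Request submission Operations management Member management Contact management Payment history Request submission Training History check Registration 3-7 MyAPNIC 1 3-4 3-4 MyAPNIC IPv4 IPv6 AS AS IPv4 IPv6 AS APNIC Web 3-8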
Copyright APNIC Pty Ltd Reproduced with permission. For further information see http://www.apnic.net/ 3-8 MyAPNIC
2 3-5 3-5 MyAPNIC APNIC admin@apnic.net 3-9
Copyright APNIC Pty Ltd Reproduced with permission. For further information see http://www.apnic.net/ 3-9 MyAPNIC http://www.apnic.net/myapnic-demo/member_edit.html
3 3-6 3-6 MyAPNIC APNIC 3-10 Copyright APNIC Pty Ltd Reproduced with permission. For further information see http://www.apnic.net/ 3-10 MyAPNIC http://www.apnic.net/myapnic-demo/training.html
3.3.6. MyAPNIC MyAPNIC MyAPNIC 3-11 MyAPNIC MyAPNIC Copyright APNIC Pty Ltd Reproduced with permission. For further information see http://www.apnic.net/ 3-11 MyAPNIC http://www.apnic.net/myapnic-demo/security.html
3.3.7. APNIC CA APNIC MyAPNIC APNIC sobgp secure origin BGP 4 RIR NIR sobgp 4 Secure Origin BGP (sobgp) Certificates http://www.ietf.org/internet-drafts/draft-weis-sobgp-certificates-01.txt
3.4. RIPE NCC RIPE NCC Réseaux IP Européens Network Coordination Centre RIPE NCC SSL 5 LIR Portal 3-12 copyright RIPE NCC. All rights reserved. 3-12 LIR Portal LIR Portal LIR 5 LIR Portal https://lirportal.ripe.net/lirportal/index.html
IP AS IPv4 IPv6 AS RIPE Whois LIR Portal / 3.4.1. 2003 5 12 16 RIPE45 Improved Secure Communication System for RIPE NCC Members / Tiago Rodrigues Antao 6 RIPE NCC RIPE NCC / LIR X.509 PKI RIPE NCC PKI 3-13 6 Improved Secure Communication System for RIPE NCC Members http://www.ripe.net/ripe/meetings/ripe-45/presentations/ripe45-lir-pki/
Request a certificate for the key linked to the LIR ID Certificate Authority LIR Portal Certificate Certificate Certificate request / public key submission LIR User 3-13 7 RIPE NCC PKI LIR Portal 3.4.2. EE CA LIR Portal 3.4.3. EE LIR Portal RA LIR Portal PMS Privilege Management System 3-14 RIPE NCC LIR LIR RA LIR LIR 7 certificate management cycle http://www.ripe.net/ripe/meetings/ripe-45/presentations/ripe45-lir-pki/page9.htm
RIPE NCC CA Certificate issuance (administrator privileges) LIR Admin Certificate issuance (privileges set per user) LIR User LIR User LIR User LIR User 3-14 RIPE NCC PMS 3.4.3.1. LIR RegID LIR FAX LIR Portal 8 LIR Fax Confirmation Number E-mail Confirmation URL E-mail Confirmation URL URL Fax Confirmation Number LIR Portal 8 Member Services https://lirportal.ripe.net/lirportal/activation/activation_request.html
3.4.3.2. RA LIR LIR 3.4.4. EE PMS RA 3-15 RIPE NCC RA LIR LIR RIPE NCC CA Certificate issuance (administrator privileges) LIR Admin LIR Admin LIR Admin Certificate issuance Certificate issuance Certificate issuance LIR User LIR User LIR User LIR User LIR User LIR User 3-15 PMS RA LIR RIPE NCC CA 3.4.5. LIR Portal RIPE NCC RIPE NCC LIR
PGP PGP X.509 X.509 LIR 3.4.6. RIPE NCC X.509 PKI LIR RIPE NCC LIR Portal X.509 PKI RIPE 3.4.6.1. RIPE RIPE X.509 PKI LIR Portal RIPE LIR X.509 auth: key-cert LIR webupdates RIPE 3.4.6.2. Reverse Delegation LIR X.509 PKI LIR LIR Portal LIR Portal
3.5. ARIN ARIN American Registry for Internet Numbers PKI RIR ARIN 3.5.1. 2002 ARIN X Open Policy Meeting 2002 ARIN X Open Policy Meeting Cathy Murphy Next Steps for the ARIN Registration Database 9 PGP X.509 Login/SSL Web Routing Registry 3.5.2. 2003 ARIN XI Open Policy Meeting 2003 ARIN XI Open Policy Meeting Tim Christensen Authentication 10 X.509 PGP MD5 Public Policy Meeting PGP RIR 9 ARIN X Public Policy Meeting Minutes http://www.arin.net/library/minutes/arin_x/ppm.html 10 ARIN XI Public Policy Meeting Minutes http://www.arin.net/library/minutes/arin_xi/ppm_minutes_day2.html
X.509 ARIN 3.5.3. 2003 ARIN XII Open Policy Meeting 2003 ARIN XII Open Policy Meeting Tim Christensen Cryptographic Authentication 11 ARIN IETF RFC ARIN CA 11 ARIN XII Public Policy Meeting Minute, Day 1 http://www.arin.net/library/minutes/arin_xii/ppm_minutes_day1.html#11
POC Point Of Contact CSR POC ARIN CSR ARIN CSR ARIN POC POC ARIN POC POC CSR ARIN RIR
Mail-From ARIN ARIN XIII Using X.509 Authentication with ARIN's Database
3.6. APNIC RIPE NCC Web https S/MIME RIPE NCC BGP APNIC APNIC CA MyAPNIC Web MyAPNIC Executive Council APNIC CA Web CP/CPS RIPE NCC PGP PKI S/MIME X.509 ARIN ARIN IP RIR JPNIC RIR 3 RIR JPNIC 4 RIR RIR RIR RIR EPP/CRISP
RIR RIR JPNIC CP/CPS RIR RIR IETF