In your previous mail you wrote:
i think there is a misunderstanding here... by verification i am not
talking about the protocol to perform the verification, but the
actual
process carried on by the Registration authority to verify that the
one
that is requesting the certificate actually owns the ip address
that it
wants to include in the certificate. It is not the protocol
perspective
that i am refering to but the logistic perspective. What is the
administrative procedure to perform such verification. My point is
that
you need to build a different administrative setup to verify the
information included in this type of certificates...
=> in fact I believe it is easier than for names because the address
assignment is well organized: there is no choice because without
an address and some routes to your box you can't receive a packet.
I.e., there is no choice... The whole thing has to be provided by
the IANA-RIR-LIR-ISPs chain, exactly as RFC 3779 for routing (and
SEND) or as the reverse tree of the DNS.
But we are talking about something we know it shan't happen and
we really want to not rely on (:-)!