nanog mailing list archives
Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
From: Randy Bush <randy () psg com>
Date: Wed, 23 Nov 2005 15:19:08 -1000
So when one receives an update, which part is it that you verify with the certificate derived from the RIR chain and which part is it that you verify with the certificate derived from the web-of-trust? I'm guessing the answer in part is that there's a signature attesting to the prefix origination based on the RIR-rooted certificate, but I'm not certain what you are suggesting you would sign with the web-of-trust based ISP identity certificate (the origination announcement, indicating that it is not only authorization to originate but also source authentication?)
something like the rir attests to the delegation of the prefix and an asn to the identified isp. the isp signs, using their isp identity to o originating from the asn o originating that prefix (in sbgp, toward another isp) o possibly delegating a subset of that prefix o passing other prefixes on (in sbgp, toward ...) but either you, smb, or jis should be able to get it more correctly than i. randy
Current thread:
- Re: BGP Security and PKI Hierarchies, (continued)
- Re: BGP Security and PKI Hierarchies Valdis . Kletnieks (Nov 25)
- Re: BGP Security and PKI Hierarchies Florian Weimer (Nov 26)
- Re: BGP Security and PKI Hierarchies Florian Weimer (Nov 24)
- Re: BGP Security and PKI Hierarchies Michael . Dillon (Nov 25)
- Re: BGP Security and PKI Hierarchies Florian Weimer (Nov 25)
- RE: BGP Security and PKI Hierarchies Matthew Kaufman (Nov 25)
- Re: BGP Security and PKI Hierarchies Michael . Dillon (Nov 25)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Sandy Murphy (Nov 22)
- RE: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Bora Akyol (Nov 22)
- RE: BGP Security and PKI Hierarchies (was: Re: Wifi Security) william(at)elan.net (Nov 22)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Sandy Murphy (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Randy Bush (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) George Michaelson (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Steven M. Bellovin (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) william(at)elan.net (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) George Michaelson (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Steven M. Bellovin (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Randy Bush (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) George Michaelson (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Steven M. Bellovin (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Randy Bush (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Randy Bush (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) George Michaelson (Nov 23)