nanog mailing list archives

Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)


From: George Michaelson <ggm () apnic net>
Date: Thu, 24 Nov 2005 12:00:10 +1000


On Wed, 23 Nov 2005 17:54:44 -0800 (PST)
"william(at)elan.net" <william () elan net> wrote:



On Thu, 24 Nov 2005, George Michaelson wrote:

According to what I understand, there have to be two certificates
per entity:

    one is the CA-bit enabled certificate, used to sign
    subsidiary certificates about resources being given to other
    people to use.

    the other is a self-signed NON-CA certificate, used to sign
    route assertions you are attesting to yourself: you make
    this cert using the CA cert you get from your logical parent.

So how is the 2nd one different from the first?  

the important distinction is that the certificate used to sign resource
assertions doesn't have the CA bit set.

-George
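
The CA-bit distinction discussed in this thread, as an added example that is not part of the original message: a small decoder for the X.509 basicConstraints extension value (RFC 5280, section 4.2.1.9) and a check that only certificates asserting cA=TRUE appear as issuers in a chain. The certificate names and the DER sample values are constructed for illustration, and a missing extension is treated as non-CA.

```python
# Added example, not from the thread. Sample data below is constructed.
# BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE,
#                                 pathLenConstraint INTEGER OPTIONAL }

def parse_basic_constraints(der: bytes):
    """Return (is_ca, path_len) from a DER-encoded BasicConstraints value."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a SEQUENCE")
    if der[1] >= 0x80 or der[1] != len(der) - 2:
        raise ValueError("bad length")            # short-form lengths only
    body, is_ca, path_len = der[2:], False, None
    if body[:1] == b"\x01":                       # BOOLEAN cA
        if len(body) < 3 or body[1] != 1:
            raise ValueError("bad BOOLEAN")
        if body[2] != 0xFF:                       # DER: TRUE is 0xFF, FALSE is omitted
            raise ValueError("non-DER BOOLEAN")
        is_ca, body = True, body[3:]
    if body[:1] == b"\x02":                       # INTEGER pathLenConstraint
        n = body[1] if len(body) > 1 else 0
        if n == 0 or len(body) != 2 + n:
            raise ValueError("bad INTEGER")
        path_len = int.from_bytes(body[2:2 + n], "big", signed=True)
        if path_len < 0:
            raise ValueError("negative pathLenConstraint")
        body = body[2 + n:]
    if body:
        raise ValueError("trailing data")
    return is_ca, path_len

def non_ca_issuers(chain):
    """chain: list of (name, basicConstraints DER or None), leaf first.
    Returns the names of certificates that issued another certificate
    without asserting cA=TRUE."""
    bad = []
    for name, bc in chain[1:]:                    # everything above the leaf is an issuer
        is_ca = parse_basic_constraints(bc)[0] if bc is not None else False
        if not is_ca:
            bad.append(name)
    return bad

CA_TRUE = bytes.fromhex("30030101ff")             # cA=TRUE, no path length
NON_CA = bytes.fromhex("3000")                    # empty SEQUENCE: cA defaults to FALSE

# Constructed chains with hypothetical names.
GOOD = [("isp-signing-ee", NON_CA), ("isp-ca", CA_TRUE), ("parent-ca", CA_TRUE)]
BAD = [("bogus-sub", NON_CA), ("isp-signing-ee", NON_CA), ("isp-ca", CA_TRUE)]

if __name__ == "__main__":
    print(non_ca_issuers(GOOD), non_ca_issuers(BAD))
```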

