nanog mailing list archives

Re: BGP Security and PKI Hierarchies

From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 24 Nov 2005 20:23:57 +0100


* Sandy Murphy:

How would you feel about having the registries serve as the root of
a hierarchical certificate system?


What about the swamp space?

So an institution would have its "certificate" signed
by its upstream (or one of its upstream) providers.


(Don't know where that quote comes from.)

Why is this significantly better than ISP filters which prevent bogus
announcements from reaching wide propagation?

I've seen bogus annoucements for which big ISPs have created
corresponding RADB entries.  Wouldn't they just create certificates in
the new "secure BGP", and nothing is won?

Current thread:

Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security), (continued)
- - - Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Randy Bush (Nov 23)
    - Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Rodney Joffe (Nov 23)
    - Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Randy Bush (Nov 23)
    - Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Andre Oppermann (Nov 23)
    - Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Steven J. Sobol (Nov 22)
    - Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Randy Bush (Nov 22)
    - Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Steven J. Sobol (Nov 22)
    - Re: BGP Security and PKI Hierarchies Florian Weimer (Nov 24)
    - Re: BGP Security and PKI Hierarchies Valdis . Kletnieks (Nov 25)
    - Re: BGP Security and PKI Hierarchies Florian Weimer (Nov 26)
- Re: BGP Security and PKI Hierarchies Florian Weimer (Nov 24)
  - Re: BGP Security and PKI Hierarchies Michael . Dillon (Nov 25)
    - Re: BGP Security and PKI Hierarchies Florian Weimer (Nov 25)
    - RE: BGP Security and PKI Hierarchies Matthew Kaufman (Nov 25)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Sandy Murphy (Nov 22)
- RE: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Bora Akyol (Nov 22)
  - RE: BGP Security and PKI Hierarchies (was: Re: Wifi Security) william(at)elan.net (Nov 22)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Sandy Murphy (Nov 23)
  - Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Randy Bush (Nov 23)
    - Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) George Michaelson (Nov 23)
    - Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Steven M. Bellovin (Nov 23)

(Thread continues...)