nanog mailing list archives
Re: RPKI chain of trust
From: Alex Band <alex () nlnetlabs nl>
Date: Wed, 26 Aug 2020 13:01:14 +0200
Hi Fabiano,
On 26 Aug 2020, at 11:03, Fabiano D'Agostino <fabiano.dagostino96 () gmail com> wrote: Hi Alex, thank you. I read that documentation and I was reading this one from page 201: https://www.ripe.net/support/training/material/bgp-operations-and-security-training-course/BGP-Slides-Single.pdf It seems that RIRs have a self-signed root certificate. They use this certificate to sign LIR's certificates and LIR's private key is used to sign ROAs. I am not very sure about the use of public keys.
The “LIR”’s public key is on the certificate signed by the RIR and that makes the chain. -Alex
Current thread:
- RPKI chain of trust Fabiano D'Agostino (Aug 26)
- Re: RPKI chain of trust Alex Band (Aug 26)
- Re: RPKI chain of trust Fabiano D'Agostino (Aug 26)
- Re: RPKI chain of trust Alex Band (Aug 26)
- Re: RPKI chain of trust Fabiano D'Agostino (Aug 26)
- Re: RPKI chain of trust Alex Band (Aug 26)