nanog mailing list archives

Re: soBGP deployment

From: Edward Lewis <Ed.Lewis () neustar biz>
Date: Mon, 23 May 2005 13:50:25 -0400


At 10:37 -0700 5/23/05, william(at)elan.net wrote:

You do need "trusted third party" to act as PKI root signer. We're lucky
because unlike other places, we do have hierarchy with ip addresses and
ASNs and NIR is the "root" organization.


Don't confuse cryptography with security.

You need one trusted third party to arrange for the cryptography toscale (work). You need a different third party to help authenticate(secure) the routing data.


IMHO, you don't necessarily want these two third parties to be the same.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

If you knew what I was thinking, you'd understand what I was saying.

Current thread:

Re: soBGP deployment, (continued)
- - - Re: soBGP deployment Tony Li (May 26)
    - Re: soBGP deployment william(at)elan.net (May 26)
    - Re: soBGP deployment Todd Underwood (May 27)
    - Re: [s,o]BGP deployment bmanning (May 27)
    - Re: [s,o]BGP deployment Randy Bush (May 27)
    - Re: [s,o]BGP deployment Lucy E. Lynch (May 27)
    - Re: [s,o]BGP deployment bmanning (May 27)
    - Re: soBGP deployment Tony Li (May 28)
    - Re: soBGP deployment Russ White (May 24)
    - Message not available
    - Re: soBGP deployment Jay R. Ashworth (May 23)
    - Re: soBGP deployment Edward Lewis (May 23)
    - Re: soBGP deployment Russ White (May 23)
    - Re: soBGP deployment Russ White (May 23)
    - Re: soBGP deployment Florian Weimer (May 24)
    - Re: soBGP deployment Alexei Roudnev (May 24)
  - Re: soBGP deployment Iljitsch van Beijnum (May 22)