nanog mailing list archives

Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)


From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Tue, 22 Nov 2005 15:32:22 -0500


In message <17283.32422.105302.757816 () roam psg com>, Randy Bush writes:

> > I believe a web of trust can be operationally feasible only if the web
> > is more like a forest - if there are several well known examples of
> > "tops" to the web.  Otherwise, you have to be storing a plethora of
> > different signers' certificates to be able to validate all the
> > institution's certificates that come in.
>
> you need those certs to verify the live data anyway

Right.  The real issue is the trust determination -- how do you know 
that the certificate corresponds to something resembling reality 
(whatever that is)?

                --Steven M. Bellovin, http://www.cs.columbia.edu/~smb


