Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)

[Randy Bush <randy () psg com>]

> > > I believe a web of trust can be operationally feasible only if the web
> > > is more like a forest - if there are several well known examples of
> > > "tops" to the web.  Otherwise, you have to be storing a plethora of
> > > different signers' certificates to be able to validate all the
> > > institution's certificates that come in.
> >
> > you need those certs to verify the live data anyway
> Right.  The real issue is the trust determination -- how do you know 
> that the certificate corresponds to something resembling reality 
> (whatever that is)?

for how many years have i been asking you and your evil-minded cert
designing friends for a pgp-like web of trust cert that could be
used for just this application?

randy