nanog mailing list archives

Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)


From: "william(at)elan.net" <william () elan net>
Date: Wed, 23 Nov 2005 17:54:44 -0800 (PST)



On Thu, 24 Nov 2005, George Michaelson wrote:

> According to what I understand, there have to be two certificates per
> entity:
>
>         one is the CA-bit enabled certificate, used to sign subsidiary
>         certificates about resources being given to other people to use.
>
>         the other is a self-signed NON-CA certificate, used to sign
>         route assertions you are attesting to yourself: you make this
>         cert using the CA cert you get from your logical parent.

So how is the 2nd one different from the first? In both cases you give
permission for certain use of a resource under your control. If you look
at it, the only difference is:
 - To authorize reallocations you sign a request based on another entity's
   ORG object,
 - To authorize announcement you sign a request based on another entity's
   ASN object (can be your own ASN).

But in general an ASN object is also basically a type of ORG with extra data
(i.e. ASN# and ASN name), so I don't see why you can't use one cert (if
somebody does not list an AS# for their org I guess they can't route independently).

--
William Leibzon
Elan Networks
william () elan net
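A toy model of the two-certificate arrangement under discussion, added here as an illustration; it is not code from the thread or from any RPKI implementation, and the registry/LIR names and documentation ASNs in it are made up. It encodes what the CA bit separates: a CA cert may issue subordinate certificates, a non-CA end-entity cert may only sign route assertions, and delegated resources must nest down the chain.

```python
# Toy model of the two-certificate resource PKI discussed in the thread.
# Constructed example, not RPKI implementation code; all names are made up.
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str       # subject of the issuing cert (itself for a trust anchor)
    ca: bool          # the CA bit: may this cert issue further certs?
    asns: frozenset   # AS numbers this cert is entitled to cover

def validate_chain(chain):
    """chain[0] is the trust anchor, chain[-1] the cert signing route assertions."""
    anchor = chain[0]
    if not anchor.ca or anchor.issuer != anchor.subject:
        return False, "trust anchor must be a self-issued CA cert"
    for parent, child in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False, f"{child.subject} was not issued by {parent.subject}"
        if not parent.ca:                  # non-CA certs sign assertions, not certs
            return False, f"{parent.subject} lacks the CA bit; cannot issue certs"
        if not child.asns <= parent.asns:  # delegated resources must nest downwards
            return False, f"{child.subject} claims ASNs its issuer never held"
    if chain[-1].ca:                       # reallocation and announcement use different certs
        return False, "route assertions must be signed by a non-CA cert"
    return True, "ok"

def validate_route(origin_asn, signer, chain):
    """Accept an origin assertion only if signed by the leaf of a valid chain."""
    ok, why = validate_chain(chain)
    if not ok:
        return False, why
    leaf = chain[-1]
    if signer != leaf.subject:
        return False, "assertion not signed by the chain's end-entity cert"
    if origin_asn not in leaf.asns:
        return False, f"AS{origin_asn} is outside the signer's resources"
    return True, "ok"

# Constructed hierarchy: registry -> LIR CA cert -> LIR end-entity cert
RIR    = Cert("rir", "rir", True, frozenset(range(64496, 64512)))  # documentation ASNs
LIR_CA = Cert("lir-ca", "rir", True, frozenset({64496, 64497}))
LIR_EE = Cert("lir-ee", "lir-ca", False, frozenset({64496}))
# A cert (mis)issued under the end-entity cert instead of the CA cert
CUSTOMER_VIA_EE = Cert("customer", "lir-ee", False, frozenset({64496}))

if __name__ == "__main__":
    print(validate_route(64496, "lir-ee", [RIR, LIR_CA, LIR_EE]))  # (True, 'ok')
    print(validate_chain([RIR, LIR_CA, LIR_EE, CUSTOMER_VIA_EE]))  # EE cannot issue certs
    print(validate_route(64496, "lir-ca", [RIR, LIR_CA]))          # CA cert signed a route
```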

