nanog mailing list archives

Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)


From: George Michaelson <ggm () apnic net>
Date: Thu, 24 Nov 2005 12:54:28 +1000


On Wed, 23 Nov 2005 16:39:11 -1000
Randy Bush <randy () psg com> wrote:

[0] - i'll want the business cert to have the ca bit if i am
      large enough to have internal authorization process, and
      thus want to create and manage different certs for dns,
      billing, ...

We are discussing how we can do subsidiary certificate services like
this in APNIC but I think this goes outside of routing policy and
into registry business practices which are unlikely to be common
for all RIR and NIR in the ways that resource certificates *have*
to be.

if it is not common across registries, and if my certs do not
work across registries, then something is very very broken,
and a major pita at the isps', aka your members', expense.

randy

If you want to see member-certificates which gate access to RIR/NIR
specific services common across all registries, I think you want to get
that onto an RIR meeting agenda, Randy.

We currently have no cross-certification activity in member identity.

cheers

-George

