Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)

  • From: Steven M. Bellovin
  • Date: Tue Nov 22 15:34:09 2005 
In message <17283.32422.105302.757816@roam.psg.com>, Randy Bush writes:
>
>> I believe a web of trust can be operationally feasible only if the web
>> is more like a forest - if there are several well known examples of
>> "tops" to the web.  Otherwise, you have to be storing a plethora of
>> different signers' certificates to be able to validate all the
>> institution's certificates that come in.
>
>you need those certs to verify the live data anyway
>
Right.  The real issue is the trust determination -- how do you know 
that the certificate corresponds to something resembling reality 
(whatever that is)?

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb


Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.