North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
- From: Steven J. Sobol
- Date: Tue Nov 22 23:16:04 2005
> >for how many years have i been asking you and your evil-minded cert
> >designing friends for a pgp-like web of trust cert that could be
> >used for just this application?
> of subsidiaries or allied evil ASs vouching for each other. OTOH,
> there are some situations where we know that absolute trust is
> indicated -- say, 701 signing 702's certificate, or an upstream signing
> the address certificate for a customer.
Well, there's the rub. You know who runs AS701 and AS702. Presumably most
of us do (although I don't know who runs 702 off the top of my head. 701
is UUNET/MCI, no? I don't do BGP).
I like the web 'o' trust idea, but the idea is that the *end-user* is
supposed to know what's legit and what isn't. In most cases, we're not the
Steve Sobol, Professional Geek 888-480-4638 PGP: 0xE3AE35ED
Company website: http://JustThe.net/
Personal blog, resume, portfolio: http://SteveSobol.com/
E: sjsobol@JustThe.net Snail: 22674 Motnocab Road, Apple Valley, CA 92307