Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)

About Merit

Services

Network

Resources & Support

Network Research

News

Events

Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)

From: George Michaelson
Date: Wed Nov 23 21:01:55 2005

On Wed, 23 Nov 2005 17:54:44 -0800 (PST)
"william(at)elan.net" <william@elan.net> wrote:

> 
> 
> On Thu, 24 Nov 2005, George Michaelson wrote:
> 
> > According to what I understand, there have to be two certificates
> > per entity:
> >
> > 	one is the CA-bit enabled certificate, used to sign
> > subsidiary certificates about resources being given to other people
> > to use.
> >
> > 	the other is a self-signed NON-CA certificate, used to sign
> > 	route assertions you are attesting to yourself: you make
> > this cert using the CA cert you get from your logical parent.
> 
> So how is the 2nd one different from the first?  

the important distinction is that the certificate used to sign resource
assertions doesn't have the CA bit set.

-George

Follow-Ups:
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Steven M. Bellovin

References:
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Sandy Murphy
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Randy Bush
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) George Michaelson
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) william(at)elan.net

Prev by Date: Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
Next by Date: Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
Date Index
Thread Index
Author Index
Historical