North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
- From: Randy Bush
- Date: Wed Nov 23 21:05:10 2005
> According to what I understand, there have to be two certificates per
> one is the CA-bit enabled certificate, used to sign subsidiary
> certificates about resources being given to other people to use.
> the other is a self-signed NON-CA certificate, used to sign
> route assertions you are attesting to yourself: you make this
> cert using the CA cert you get from your logical parent.
probably more. smb has convinced me that the (possibly ca) cert
i get from the rir, with which i do business with the rir (dns,
ip requests, billing), should be different than that which i use
for routing info.
 - i'll want the business cert to have the ca bit if i am
large enough to have internal authorization process, and
thus want to create and manage different certs for dns,