Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)

  • From: Randy Bush
  • Date: Wed Nov 23 21:05:10 2005

> According to what I understand, there have to be two certificates per
> entity:
> 
> 	one is the CA-bit enabled certificate, used to sign subsidiary
> 	certificates about resources being given to other people to use.
> 
> 	the other is a self-signed NON-CA certificate, used to sign
> 	route assertions you are attesting to yourself: you make this
> 	cert using the CA cert you get from your logical parent.

probably more.  smb has convinced me that the (possibly ca[0]) cert
i get from the rir, with which i do business with the rir (dns,
ip requests, billing), should be different than that which i use
for routing info.

randy 

---

[0] - i'll want the business cert to have the ca bit if i am
      large enough to have internal authorization process, and
      thus want to create and manage different certs for dns,
      billing, ...




