Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)

  • From: Randy Bush
  • Date: Mon Nov 28 21:46:35 2005

> proof of identity
> S(withRIRkey, AS_A_key, AS_A)
> or
> S(withwebofttrustkeys, AS_A_key, AS_A)
>              maybe Randy is saying this is two steps, not an "OR"

S(withRIRkey, someNonRIRidentity, asA)

i.e. the rir attests that the entity whose identity is externally
certified has been issued asA (or prefixP).

the isp may have gotten their identity from thawte, some web
of trust, or santa claus.  the point, as smb notes, is that
the public cert of the isp is given to the rir(s) as part of
the business contract.  it has no need to be rir-generated,
though the rirs offering cert generation as a service will
likely be useful to small lirs who have no other corporate
buiness/privacy preferences.

randy





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.