|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
In message <[email protected]>, Randy Bush writes: > >> I believe a web of trust can be operationally feasible only if the web >> is more like a forest - if there are several well known examples of >> "tops" to the web. Otherwise, you have to be storing a plethora of >> different signers' certificates to be able to validate all the >> institution's certificates that come in. > >you need those certs to verify the live data anyway > Right. The real issue is the trust determination -- how do you know that the certificate corresponds to something resembling reality (whatever that is)? --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
|