North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)

  • From: Randy Bush
  • Date: Tue Nov 22 15:47:48 2005

>>> I believe a web of trust can be operationally feasible only if the web
>>> is more like a forest - if there are several well known examples of
>>> "tops" to the web.  Otherwise, you have to be storing a plethora of
>>> different signers' certificates to be able to validate all the
>>> institution's certificates that come in.
>> you need those certs to verify the live data anyway
> Right.  The real issue is the trust determination -- how do you know 
> that the certificate corresponds to something resembling reality 
> (whatever that is)?

for how many years have i been asking you and your evil-minded cert
designing friends for a pgp-like web of trust cert that could be
used for just this application?