North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)

  • From: Steven J. Sobol
  • Date: Tue Nov 22 23:16:04 2005


> >for how many years have i been asking you and your evil-minded cert
> >designing friends for a pgp-like web of trust cert that could be
> >used for just this application?
> >

Steven B:
> of subsidiaries or allied evil ASs vouching for each other.  OTOH, 
> there are some situations where we know that absolute trust is 
> indicated -- say, 701 signing 702's certificate, or an upstream signing 
> the address certificate for a customer.

Well, there's the rub. You know who runs AS701 and AS702. Presumably most 
of us do (although I don't know who runs 702 off the top of my head. 701 
is UUNET/MCI, no? I don't do BGP).

I like the web 'o' trust idea, but the idea is that the *end-user* is 
supposed to know what's legit and what isn't. In most cases, we're not the 

Steve Sobol, Professional Geek   888-480-4638   PGP: 0xE3AE35ED
Company website:
Personal blog, resume, portfolio:
E: [email protected] Snail: 22674 Motnocab Road, Apple Valley, CA 92307