North American Network Operators Group


Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)

  • From: Randy Bush
  • Date: Wed Nov 23 20:20:15 2005

> So when one receives an update, which part is it that you verify with
> the certificate derived from the RIR chain and which part is it that you
> verify with the certificate derived from the web-of-trust?  I'm guessing
> the answer in part is that there's a signature attesting to the
> prefix origination based on the RIR-rooted certificate, but I'm not
> certain what you are suggesting you would sign with the web-of-trust
> based ISP identity certificate (the origination announcement, indicating
> that it is not only authorization to originate but also source
> authentication?)

something like

the rir attests to the delegation of the prefix and an asn to the
identified isp.

the isp signs, using their isp identity to
  o originating from the asn
  o originating that prefix (in sbgp, toward another isp)
  o possibly delegating a subset of that prefix
  o passing other prefixes on (in sbgp, toward ...)

but either you, smb, or jis should be able to get it more correctly
than i.

randy
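
An added sketch of the two checks outlined in the message above (not code from the poster or from any S-BGP implementation): the RIR-signed delegation is verified first, then the ISP-signed origination is checked against it. HMAC with constructed keys stands in for certificate signatures, and `check_origination`, `isp-a` and the claim field names are assumptions made for illustration.

```python
import hashlib, hmac, ipaddress, json

# Constructed keys. HMAC is a stand-in for public-key signatures (assumption:
# a real deployment verifies against certificates, not shared secrets).
RIR_KEY = b"constructed-rir-key"
ISP_KEYS = {"isp-a": b"constructed-isp-a-key"}  # ISP identities, e.g. from a web of trust

def sign(key, claim):
    msg = json.dumps(claim, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def signed(key, claim):
    return {"claim": claim, "sig": sign(key, claim)}

def valid(key, obj):
    return hmac.compare_digest(obj["sig"], sign(key, obj["claim"]))

def check_origination(delegation, origination):
    """Return (ok, reason) for an ISP origination checked against an RIR delegation."""
    if not valid(RIR_KEY, delegation):
        return False, "bad RIR signature on delegation"
    d, o = delegation["claim"], origination["claim"]
    isp_key = ISP_KEYS.get(d["isp"])
    if isp_key is None:
        return False, "ISP identity not known"
    if not valid(isp_key, origination):
        return False, "bad ISP signature on origination"
    if o["asn"] != d["asn"]:
        return False, "ASN not delegated to this ISP"
    announced = ipaddress.ip_network(o["prefix"])
    delegated = ipaddress.ip_network(d["prefix"])
    # Assumption: the delegated prefix or any subset of it is acceptable.
    if announced.version != delegated.version or not announced.subnet_of(delegated):
        return False, "prefix outside delegation"
    return True, "ok"

# Constructed sample data (documentation prefixes and a documentation ASN).
DELEGATION = signed(RIR_KEY, {"isp": "isp-a", "asn": 64500, "prefix": "192.0.2.0/24"})
GOOD = signed(ISP_KEYS["isp-a"], {"asn": 64500, "prefix": "192.0.2.0/24", "to": "isp-b"})
WRONG_PREFIX = signed(ISP_KEYS["isp-a"], {"asn": 64500, "prefix": "198.51.100.0/24", "to": "isp-b"})
WRONG_SIGNER = signed(b"constructed-other-key", {"asn": 64500, "prefix": "192.0.2.0/24", "to": "isp-b"})

if __name__ == "__main__":
    for name, ann in [("good", GOOD), ("wrong prefix", WRONG_PREFIX), ("wrong signer", WRONG_SIGNER)]:
        print(name, check_origination(DELEGATION, ann))
```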