North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
> According to what I understand, there have to be two certificates per > entity: > > one is the CA-bit enabled certificate, used to sign subsidiary > certificates about resources being given to other people to use. > > the other is a self-signed NON-CA certificate, used to sign > route assertions you are attesting to yourself: you make this > cert using the CA cert you get from your logical parent. probably more. smb has convinced me that the (possibly ca[0]) cert i get from the rir, with which i do business with the rir (dns, ip requests, billing), should be different than that which i use for routing info. randy --- [0] - i'll want the business cert to have the ca bit if i am large enough to have internal authorization process, and thus want to create and manage different certs for dns, billing, ...
|