North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)

  • From: Randy Bush
  • Date: Wed Nov 23 21:40:24 2005

>> [0] - i'll want the business cert to have the ca bit if i am
>>       large enough to have internal authorization process, and
>>       thus want to create and manage different certs for dns,
>>       billing, ...
> We are discussing how we can do subsidiary certificate services like
> this in APNIC but I think this goes outside of routing policy and into
> registry business practices which are unlikely to be common for all RIR
> and NIR in the ways that resource certificates *have* to be.

if it is not common across registries, and if my certs do not
work across registries, then something is very very broken,
and a major pita at the isps', aka your members', expense.