North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: BGP Security and PKI Hierarchies
* Sandy Murphy: > How would you feel about having the registries serve as the root of > a hierarchical certificate system? What about the swamp space? >>So an institution would have its "certificate" signed >>by its upstream (or one of its upstream) providers. (Don't know where that quote comes from.) Why is this significantly better than ISP filters which prevent bogus announcements from reaching wide propagation? I've seen bogus annoucements for which big ISPs have created corresponding RADB entries. Wouldn't they just create certificates in the new "secure BGP", and nothing is won?