North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BGP Security and PKI Hierarchies

  • From: Florian Weimer
  • Date: Thu Nov 24 14:25:14 2005

* Sandy Murphy:

> How would you feel about having the registries serve as the root of
> a hierarchical certificate system?

What about the swamp space?

>>So an institution would have its "certificate" signed
>>by its upstream (or one of its upstream) providers.

(Don't know where that quote comes from.)

Why is this significantly better than ISP filters which prevent bogus
announcements from reaching wide propagation?

I've seen bogus annoucements for which big ISPs have created
corresponding RADB entries.  Wouldn't they just create certificates in
the new "secure BGP", and nothing is won?