North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)

  • From: Randy Bush
  • Date: Mon Nov 28 21:46:35 2005

> proof of identity
> S(withRIRkey, AS_A_key, AS_A)
> or
> S(withwebofttrustkeys, AS_A_key, AS_A)
>              maybe Randy is saying this is two steps, not an "OR"

S(withRIRkey, someNonRIRidentity, asA)

i.e. the rir attests that the entity whose identity is externally
certified has been issued asA (or prefixP).

the isp may have gotten their identity from thawte, some web
of trust, or santa claus.  the point, as smb notes, is that
the public cert of the isp is given to the rir(s) as part of
the business contract.  it has no need to be rir-generated,
though the rirs offering cert generation as a service will
likely be useful to small lirs who have no other corporate
buiness/privacy preferences.

randy