soBGP deployment
Edward Lewis
Ed.Lewis at neustar.biz
Mon May 23 17:50:25 UTC 2005
At 10:37 -0700 5/23/05, william(at)elan.net wrote:
>You do need "trusted third party" to act as PKI root signer. We're lucky
>because unlike other places, we do have hierarchy with ip addresses and
>ASNs and NIR is the "root" organization.
Don't confuse cryptography with security.
You need one trusted third party to arrange for the cryptography to
scale (work). You need a different third party to help authenticate
(secure) the routing data.
IMHO, you don't necessarily want these two third parties to be the same.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
If you knew what I was thinking, you'd understand what I was saying.
More information about the NANOG
mailing list