BGP Security and PKI Hierarchies (was: Re: Wifi Security)

Sandy Murphy sandy at tislabs.com
Tue Nov 22 20:31:11 UTC 2005


>Otherwise, you have to be storing a plethora of
>> different signers' certificates to be able to validate all the
>> institution's certificates that come in.
>
>you need those certs to verify the live data anyway

Yes, the reason why you want to validate the institution's certificates
is so you can verify the data signed with that cert (signed with the private
key associated with the public key in the cert, to be explicit).

--Sandy



More information about the NANOG mailing list