BGP Security and PKI Hierarchies (was: Re: Wifi Security)
Randy Bush
randy at psg.com
Tue Nov 22 20:45:23 UTC 2005
>>> I believe a web of trust can be operationally feasible only if the web
>>> is more like a forest - if there are several well known examples of
>>> "tops" to the web. Otherwise, you have to be storing a plethora of
>>> different signers' certificates to be able to validate all the
>>> institution's certificates that come in.
>>
>> you need those certs to verify the live data anyway
>>
> Right. The real issue is the trust determination -- how do you know
> that the certificate corresponds to something resembling reality
> (whatever that is)?
for how many years have i been asking you and your evil-minded cert
designing friends for a pgp-like web of trust cert that could be
used for just this application?
randy
More information about the NANOG
mailing list