BGP Security and PKI Hierarchies (was: Re: Wifi Security)

Randy Bush randy at psg.com
Thu Nov 24 01:19:08 UTC 2005


> So when one receives an update, which part is it that you verify with
> the certificate derived from the RIR chain and which part is it that you
> verify with the certificate derived from the web-of-trust?  I'm guessing
> the answer in part is that there's a signature attesting to the
> prefix origination based on the RIR-rooted certificate, but I'm not
> certain what you are suggesting you would sign with the web-of-trust
> based ISP identity certificate (the origination announcement, indicating
> that it is not only authorization to originate but also source
> authentication?)

something like

the rir attests to the delegation of the prefix and an asn to the
identified isp.

the isp signs, using their isp identity to
  o originating from the asn
  o originating that prefix (in sbgp, toward another isp)
  o possibly delegating a subset of that prefix
  o passing other prefixes on (in sbgp, toward ...)

but either you, smb, or jis should be able to get it more correctly
than i.

randy
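The two checks described in the reply above, as an added sketch that is not part of the original post and is not S-BGP's actual format: one signature chains to the RIR, the other to an ISP identity key the verifier has validated separately. Ed25519, the string encoding of the signed messages, the ISP name `isp-a`, and all type and function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"net/netip"
)

// Delegation: the RIR attests a prefix and an ASN to a named ISP (encoding is assumed).
type Delegation struct {
	Prefix netip.Prefix
	ASN    uint32
	ISP    string
	Sig    []byte // made with the RIR key
}

// Origination: the ISP signs "this ASN originates this prefix" with its identity key.
type Origination struct {
	Prefix netip.Prefix
	ASN    uint32
	Sig    []byte // made with the ISP identity key
}

func (d Delegation) msg() []byte  { return []byte(fmt.Sprintf("deleg|%s|%d|%s", d.Prefix, d.ASN, d.ISP)) }
func (o Origination) msg() []byte { return []byte(fmt.Sprintf("orig|%s|%d", o.Prefix, o.ASN)) }

// Verify checks d against the RIR key and o against the separately validated ISP key.
func Verify(rir ed25519.PublicKey, ispKeys map[string]ed25519.PublicKey, d Delegation, o Origination) error {
	if !ed25519.Verify(rir, d.msg(), d.Sig) {
		return errors.New("delegation not signed by RIR")
	}
	key, ok := ispKeys[d.ISP]
	if !ok || !ed25519.Verify(key, o.msg(), o.Sig) {
		return errors.New("origination not signed by the delegated ISP")
	}
	// The origin must be the delegated ASN, and the prefix the delegation or a subset of it.
	if o.ASN != d.ASN || o.Prefix.Bits() < d.Prefix.Bits() || !d.Prefix.Contains(o.Prefix.Addr()) {
		return errors.New("ASN or prefix outside the delegation")
	}
	return nil
}

func main() { // constructed sample values: documentation prefix and ASN
	rirPub, rirPriv, _ := ed25519.GenerateKey(nil)
	ispPub, ispPriv, _ := ed25519.GenerateKey(nil)
	d := Delegation{Prefix: netip.MustParsePrefix("192.0.2.0/24"), ASN: 64500, ISP: "isp-a"}
	d.Sig = ed25519.Sign(rirPriv, d.msg())
	o := Origination{Prefix: netip.MustParsePrefix("192.0.2.0/25"), ASN: 64500}
	o.Sig = ed25519.Sign(ispPriv, o.msg())
	fmt.Println(Verify(rirPub, map[string]ed25519.PublicKey{"isp-a": ispPub}, d, o))
}
```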



