BGP Security and PKI Hierarchies (was: Re: Wifi Security)
George Michaelson
ggm at apnic.net
Thu Nov 24 01:31:04 UTC 2005
According to what I understand, there have to be two certificates per
entity:
one is the CA-bit enabled certificate, used to sign subsidiary
certificates about resources being given to other people to use.
the other is a self-signed NON-CA certificate, used to sign
route assertions you are attesting to yourself: you make this
cert using the CA cert you get from your logical parent.
-George
More information about the NANOG
mailing list