BGP Security and PKI Hierarchies

• Previous message (by thread): BGP Security and PKI Hierarchies
• Next message (by thread): BGP Security and PKI Hierarchies
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Sandy Murphy:

> How would you feel about having the registries serve as the root of
> a hierarchical certificate system?

What about the swamp space?

>>So an institution would have its "certificate" signed
>>by its upstream (or one of its upstream) providers.

(Don't know where that quote comes from.)

Why is this significantly better than ISP filters which prevent bogus
announcements from reaching wide propagation?

I've seen bogus annoucements for which big ISPs have created
corresponding RADB entries.  Wouldn't they just create certificates in
the new "secure BGP", and nothing is won?

• Previous message (by thread): BGP Security and PKI Hierarchies
• Next message (by thread): BGP Security and PKI Hierarchies
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]