BGP Security and PKI Hierarchies (was: Re: Wifi Security)

• Previous message (by thread): BGP Security and PKI Hierarchies (was: Re: Wifi Security)
• Next message (by thread): BGP Security and PKI Hierarchies (was: Re: Wifi Security)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> proof of identity
> S(withRIRkey, AS_A_key, AS_A)
> or
> S(withwebofttrustkeys, AS_A_key, AS_A)
>              maybe Randy is saying this is two steps, not an "OR"

S(withRIRkey, someNonRIRidentity, asA)

i.e. the rir attests that the entity whose identity is externally
certified has been issued asA (or prefixP).

the isp may have gotten their identity from thawte, some web
of trust, or santa claus.  the point, as smb notes, is that
the public cert of the isp is given to the rir(s) as part of
the business contract.  it has no need to be rir-generated,
though the rirs offering cert generation as a service will
likely be useful to small lirs who have no other corporate
buiness/privacy preferences.

randy

• Previous message (by thread): BGP Security and PKI Hierarchies (was: Re: Wifi Security)
• Next message (by thread): BGP Security and PKI Hierarchies (was: Re: Wifi Security)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]