BGP certificate insanity was: (DHS insanity - offtopic)
Joe Abley
jabley at ca.afilias.info
Tue Apr 24 12:10:08 UTC 2007
On 24-Apr-2007, at 11:51, <michael.dillon at bt.com> wrote:
>> How can anybody be sure that the random peering tech they are
>> talking
>> to really works for the organisation listed in the whois record? By
>> visual inspection of the e-mail address?
>
> Do people really talk to random peering techs? I thought that peering
> contacts were all set up via face-to-face meetings.
Your view of the world is far from universal.
> In any case, if it
> is email authentication that you are after, putting certificates in
> your
> router will not help you.
I never suggested putting certificates in a router.
> Also, normal business practices can be very useful to establish the
> identity of people.
For sure, but I don't need to care about the identity of people if I
have am given a signed ROA which checks out back to a trust anchor I
am prepared to trust.
No crypto on routers involved.
Joe
More information about the NANOG
mailing list