Validating rights to announce a prefix

michael.dillon at bt.com michael.dillon at bt.com
Fri Aug 15 05:29:25 CDT 2008


> It's hard to switch to a more secure method later on if you 
> start with a less secure one. So, "upgrading" to PKI from 
> something else only makes sense if that previous system was 
> secure enough - but then why would you want to change?

If the delegation information expires, which it should to ensure
that it still is current, then it should not be so hard to upgrade
the security of the system.

As for why, that's so that people will actually start using
the system instead of fretting about who holds the keys to it
all.

Similarly, this should all be about OSS systems, and not touch
any routers or BGP processes at all. It is up to the individual
ISP to decide how they want to use the information and how 
and when they want to push it into their BGP speaking routers.

--Michael Dillon




More information about the NANOG mailing list