BGP over TLS

Bjørn Mork bjorn at mork.no
Mon Oct 21 20:35:58 UTC 2019


Jeffrey Haas <jhaas at pfrc.org> writes:

>  Exactly how the cert lifetime interacts with peering sessions is
>  likely to be several flavors of ugly.

If you pin the key, then there is no reason to care about expiration.
You could define the certificate as valid for as long as the pinned key
matches.  This is similar to what DANE does.


Bjørn
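
Added example, not part of the original message: a Go sketch of the pinning idea above, where a peer certificate is accepted for as long as its public key matches the configured pin and the validity dates are never consulted. The function names (`spkiPin`, `verifyPinned`, `expiredCert`) and the peer name are hypothetical, and the already-expired certificate is constructed in-process as sample input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// spkiPin hashes the DER SubjectPublicKeyInfo (DANE TLSA selector 1, matching type 1).
func spkiPin(c *x509.Certificate) [32]byte { return sha256.Sum256(c.RawSubjectPublicKeyInfo) }

// verifyPinned accepts the peer while its key matches the pin; NotBefore/NotAfter are never read.
func verifyPinned(rawCerts [][]byte, pin [32]byte) error {
	if len(rawCerts) == 0 {
		return fmt.Errorf("no peer certificate")
	}
	leaf, err := x509.ParseCertificate(rawCerts[0])
	if err != nil {
		return err
	}
	if spkiPin(leaf) != pin {
		return fmt.Errorf("peer key does not match pin")
	}
	return nil
}

// expiredCert builds a constructed self-signed certificate that expired an hour ago.
func expiredCert() ([]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "peer.example"},
		NotBefore: time.Now().Add(-48 * time.Hour), NotAfter: time.Now().Add(-time.Hour)}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
}

func main() {
	der, err := expiredCert()
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // parses: CreateCertificate just produced it
	fmt.Println("expired:", time.Now().After(cert.NotAfter), "pin error:", verifyPinned([][]byte{der}, spkiPin(cert)))
}
```

In a TLS endpoint this check would be called from `tls.Config.VerifyPeerCertificate` with `InsecureSkipVerify` set, so the pin is the only thing authenticating the peer and a changed key ends the trust relationship immediately.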


