[106863] in North American Network Operators' Group
RE: Validating rights to announce a prefix
daemon@ATHENA.MIT.EDU (michael.dillon@bt.com)
Fri Aug 15 06:29:34 2008
Date: Fri, 15 Aug 2008 11:29:25 +0100
In-Reply-To: <48A557AD.5030409@ripe.net>
From: <michael.dillon@bt.com>
To: <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
> It's hard to switch to a more secure method later on if you=20
> start with a less secure one. So, "upgrading" to PKI from=20
> something else only makes sense if that previous system was=20
> secure enough - but then why would you want to change?
If the delegation information expires, which it should to ensure
that it still is current, then it should not be so hard to upgrade
the security of the system.
As for why, that's so that people will actually start using
the system instead of fretting about who holds the keys to it
all.
Similarly, this should all be about OSS systems, and not touch
any routers or BGP processes at all. It is up to the individual
ISP to decide how they want to use the information and how=20
and when they want to push it into their BGP speaking routers.
--Michael Dillon
