[81019] in North American Network Operators' Group
Re: soBGP deployment
daemon@ATHENA.MIT.EDU (Edward Lewis)
Mon May 23 13:58:12 2005
In-Reply-To: <Pine.LNX.4.62.0505231031490.4265@sokol.elan.net>
Date: Mon, 23 May 2005 13:50:25 -0400
To: "william(at)elan.net" <william@elan.net>
From: Edward Lewis <Ed.Lewis@neustar.biz>
Cc: Edward Lewis <Ed.Lewis@neustar.biz>, nanog@merit.edu
Errors-To: owner-nanog@merit.edu
At 10:37 -0700 5/23/05, william(at)elan.net wrote:
>You do need "trusted third party" to act as PKI root signer. We're lucky
>because unlike other places, we do have hierarchy with ip addresses and
>ASNs and NIR is the "root" organization.
Don't confuse cryptography with security.
You need one trusted third party to arrange for the cryptography to
scale (work). You need a different third party to help authenticate
(secure) the routing data.
IMHO, you don't necessarily want these two third parties to be the same.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
If you knew what I was thinking, you'd understand what I was saying.
