[86924] in North American Network Operators' Group
Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
daemon@ATHENA.MIT.EDU (Randy Bush)
Tue Nov 22 15:45:56 2005
From: Randy Bush <randy@psg.com>
Date: Tue, 22 Nov 2005 10:45:23 -1000
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: nanog@nanog.org
Errors-To: owner-nanog@merit.edu
>>> I believe a web of trust can be operationally feasible only if the web
>>> is more like a forest - if there are several well known examples of
>>> "tops" to the web. Otherwise, you have to be storing a plethora of
>>> different signers' certificates to be able to validate all the
>>> institution's certificates that come in.
>>
>> you need those certs to verify the live data anyway
>>
> Right. The real issue is the trust determination -- how do you know
> that the certificate corresponds to something resembling reality
> (whatever that is)?
for how many years have i been asking you and your evil-minded cert
designing friends for a pgp-like web of trust cert that could be
used for just this application?
randy
