[86928] in North American Network Operators' Group
Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
daemon@ATHENA.MIT.EDU (Steven J. Sobol)
Tue Nov 22 23:15:16 2005
Date: Tue, 22 Nov 2005 23:14:46 -0500 (EST)
From: "Steven J. Sobol" <sjsobol@JustThe.net>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: nanog@nanog.org
In-Reply-To: <20051122205420.59B773BFE8C@berkshire.machshav.com>
Errors-To: owner-nanog@merit.edu
Randy:
> >for how many years have i been asking you and your evil-minded cert
> >designing friends for a pgp-like web of trust cert that could be
> >used for just this application?
> >

Steven B:
> of subsidiaries or allied evil ASs vouching for each other. OTOH,
> there are some situations where we know that absolute trust is
> indicated -- say, 701 signing 702's certificate, or an upstream signing
> the address certificate for a customer.

Well, there's the rub. You know who runs AS701 and AS702. Presumably most
of us do (although I don't know who runs 702 off the top of my head. 701
is UUNET/MCI, no? I don't do BGP).

I like the web 'o' trust idea, but the idea is that the *end-user* is
supposed to know what's legit and what isn't. In most cases, we're not the
end-users.

--
Steve Sobol, Professional Geek 888-480-4638 PGP: 0xE3AE35ED
Company website: http://JustThe.net/
Personal blog, resume, portfolio: http://SteveSobol.com/
E: sjsobol@JustThe.net Snail: 22674 Motnocab Road, Apple Valley, CA 92307