[86944] in North American Network Operators' Group
Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
daemon@ATHENA.MIT.EDU (George Michaelson)
Wed Nov 23 20:31:32 2005
Date: Thu, 24 Nov 2005 11:31:04 +1000
From: George Michaelson <ggm@apnic.net>
To: Randy Bush <randy@psg.com>
Cc: Sandy Murphy <sandy@tislabs.com>, nanog@nanog.org
In-Reply-To: <17285.5388.346073.674493@roam.psg.com>
Errors-To: owner-nanog@merit.edu
According to what I understand, there have to be two certificates per
entity:

  one is the CA-bit enabled certificate, used to sign subsidiary
  certificates about resources being given to other people to use.

  the other is a self-signed NON-CA certificate, used to sign
  route assertions you are attesting to yourself: you make this
  cert using the CA cert you get from your logical parent.

-George
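
[Added example, not part of the original message or of any project's code: a sketch of the two-certificate split using the `openssl` CLI (1.1.1 or later assumed). It reads the second certificate as one issued under the entity's own CA certificate, which is an assumption, and every name, subject and the assertion text is constructed. It shows that the non-CA certificate can sign a route assertion but cannot extend the hierarchy.]

```bash
#!/usr/bin/env bash
# Constructed demo: all names, subjects and the assertion text are made up.
set -eu
W=$(mktemp -d)
cat > "$W/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
[ee]
basicConstraints = critical,CA:FALSE
EOF

# issue NAME SECTION [ISSUER]: new key and cert; self-signed when no issuer is given
issue() {
  openssl ecparam -genkey -name prime256v1 -noout -out "$W/$1.key"
  openssl req -new -key "$W/$1.key" -config "$W/ext.cnf" -subj "/CN=$1" -out "$W/$1.csr"
  if [ -z "${3:-}" ]; then
    openssl x509 -req -in "$W/$1.csr" -signkey "$W/$1.key" -days 30 \
      -extfile "$W/ext.cnf" -extensions "$2" -out "$W/$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$W/$1.csr" -CA "$W/$3.pem" -CAkey "$W/$3.key" -CAcreateserial \
      -days 30 -extfile "$W/ext.cnf" -extensions "$2" -out "$W/$1.pem" 2>/dev/null
  fi
}
# verify_chain LEAF INTERMEDIATE...: path-validate LEAF up to the parent trust anchor
verify_chain() {
  leaf=$1; shift; : > "$W/untrusted.pem"
  for c in "$@"; do cat "$W/$c.pem" >> "$W/untrusted.pem"; done
  if openssl verify -CAfile "$W/parent.pem" -untrusted "$W/untrusted.pem" \
       "$W/$leaf.pem" >/dev/null 2>&1; then echo valid; else echo rejected; fi
}
# sign_and_check: sign a route assertion with the non-CA key, verify it with that cert's key
sign_and_check() {
  printf 'AS64496 originates 192.0.2.0/24\n' > "$W/assertion.txt"
  openssl dgst -sha256 -sign "$W/entity-ee.key" -out "$W/assertion.sig" "$W/assertion.txt"
  openssl x509 -in "$W/entity-ee.pem" -noout -pubkey > "$W/ee.pub"
  if openssl dgst -sha256 -verify "$W/ee.pub" -signature "$W/assertion.sig" \
       "$W/assertion.txt" >/dev/null 2>&1; then echo good; else echo bad; fi
}
issue parent ca                 # the "logical parent", self-signed trust anchor
issue entity-ca ca parent       # certificate 1: CA bit set, issued by the parent
issue entity-ee ee entity-ca    # certificate 2: no CA bit, issued under certificate 1
issue rogue ee entity-ee        # a certificate issued from the non-CA certificate
echo "non-CA cert chain:       $(verify_chain entity-ee entity-ca)"
echo "cert issued by non-CA:   $(verify_chain rogue entity-ee entity-ca)"
echo "route assertion signature: $(sign_and_check)"
```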