[86950] in North American Network Operators' Group
Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
daemon@ATHENA.MIT.EDU (Randy Bush)
Wed Nov 23 21:39:42 2005
From: Randy Bush <randy@psg.com>
Date: Wed, 23 Nov 2005 16:39:11 -1000
To: George Michaelson <ggm@apnic.net>
Cc: nanog@nanog.org
Errors-To: owner-nanog@merit.edu
>> [0] - i'll want the business cert to have the ca bit if i am
>> large enough to have internal authorization process, and
>> thus want to create and manage different certs for dns,
>> billing, ...
>
> We are discussing how we can do subsidiary certificate services like
> this in APNIC but I think this goes outside of routing policy and into
> registry business practices which are unlikely to be common for all RIR
> and NIR in the ways that resource certificates *have* to be.
if it is not common across registries, and if my certs do not
work across registries, then something is very very broken,
and a major pita at the isps', aka your members', expense.
randy
