[86955] in North American Network Operators' Group
Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
daemon@ATHENA.MIT.EDU (Randy Bush)
Wed Nov 23 22:42:50 2005
From: Randy Bush <randy@psg.com>
Date: Wed, 23 Nov 2005 17:42:21 -1000
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: George Michaelson <ggm@apnic.net>,
"william(at)elan.net" <william@elan.net>,
Sandy Murphy <sandy@tislabs.com>, nanog@nanog.org
Errors-To: owner-nanog@merit.edu
> We need prefix ownership certs; these need a special field identifying the
> prefix owned. (See RFC 3779, which also describes AS certificates). We
> need the latter in CA form, for delegation.
sorry to complicate, by iana allocates as ranges which are then
subbed to rirs. so the ca bit could be set on these
randy
