[86956] in North American Network Operators' Group
Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
daemon@ATHENA.MIT.EDU (George Michaelson)
Wed Nov 23 22:44:58 2005
Date: Thu, 24 Nov 2005 13:44:18 +1000
From: George Michaelson <ggm@apnic.net>
To: Randy Bush <randy@psg.com>
Cc: "Steven M. Bellovin" <smb@cs.columbia.edu>,
"william(at)elan.net" <william@elan.net>,
Sandy Murphy <sandy@tislabs.com>, nanog@nanog.org
In-Reply-To: <17285.13981.462449.539200@roam.psg.com>
Errors-To: owner-nanog@merit.edu
On Wed, 23 Nov 2005 17:42:21 -1000
Randy Bush <randy@psg.com> wrote:
> > We need prefix ownership certs; these need a special field
> > identifying the prefix owned. (See RFC 3779, which also describes
> > AS certificates). We need the latter in CA form, for delegation.
yes. the resource certs we are making, the test certs, have CA bit set,
and include RFC3779 fields for ASN, IPv4 and IPv6 ranges, using the
range ASN.1 notation for ASN ranges.
>
> sorry to complicate, but iana allocates as ranges which are then
> subbed to rirs. so the ca bit could be set on these
for the APNIC resource certificates in test, they are.
cheers
-George
>
> randy
>
--
George Michaelson | APNIC
Email: ggm@apnic.net | PO Box 2131 Milton
Phone: +61 7 3858 3150 | QLD 4064 Australia
Fax: +61 7 3858 3199 | http://www.apnic.net
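
The delegation check implied by the thread above (CA bit set on each delegating certificate, RFC 3779 resources nested from allocator to holder), as an added example that is not part of the original message or APNIC's code. ResourceCert and the sample chains are hypothetical simplifications: no ASN.1 parsing, no signature checks, no "inherit" handling, and ranges are assumed to be in canonical merged form.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class ResourceCert:
    # Simplified stand-in for an X.509 certificate with RFC 3779 extensions.
    subject: str
    is_ca: bool                                     # basicConstraints CA bit
    as_ranges: list = field(default_factory=list)   # [(min_asn, max_asn), ...]
    prefixes: list = field(default_factory=list)    # IPv4 / IPv6 CIDR strings

def asns_covered(child, parent):
    # Assumes canonical (merged, non-adjacent) ranges, so each child range
    # must fit inside one parent range.
    return all(any(lo <= c_lo <= c_hi <= hi for lo, hi in parent)
               for c_lo, c_hi in child)

def prefixes_covered(child, parent):
    # Each child prefix must be a subnet of a parent prefix of the same family.
    nets = [ipaddress.ip_network(p) for p in parent]
    return all(any(c.version == p.version and c.subnet_of(p) for p in nets)
               for c in map(ipaddress.ip_network, child))

def validate_chain(chain):
    # chain[0] is the trust anchor; each later cert is issued by the previous one.
    for issuer, cert in zip(chain, chain[1:]):
        if not issuer.is_ca:
            return False, f"{issuer.subject} lacks the CA bit and cannot delegate"
        if not asns_covered(cert.as_ranges, issuer.as_ranges):
            return False, f"{cert.subject} claims ASNs not held by {issuer.subject}"
        if not prefixes_covered(cert.prefixes, issuer.prefixes):
            return False, f"{cert.subject} claims prefixes not held by {issuer.subject}"
    return True, "ok"

# Constructed sample data using documentation ASNs and prefixes.
ROOT = ResourceCert("root", True, [(64496, 64511)], ["192.0.2.0/24", "2001:db8::/32"])
RIR = ResourceCert("rir", True, [(64496, 64503)], ["192.0.2.0/25", "2001:db8::/33"])
ISP = ResourceCert("isp", True, [(64500, 64500)], ["192.0.2.0/26"])
ROGUE = ResourceCert("rogue", True, [(64510, 64510)], ["192.0.2.0/26"])
LEAF = ResourceCert("leaf", False, [(64500, 64500)], ["192.0.2.0/27"])
CUSTOMER = ResourceCert("customer", False, [], ["192.0.2.0/28"])

if __name__ == "__main__":
    for chain in ([ROOT, RIR, ISP], [ROOT, RIR, ROGUE], [ROOT, RIR, LEAF, CUSTOMER]):
        print(" -> ".join(c.subject for c in chain), validate_chain(chain))
```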