[86970] in North American Network Operators' Group
Re: BGP Security and PKI Hierarchies
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sat Nov 26 02:41:49 2005
To: Florian Weimer <fw@deneb.enyo.de>
Cc: "Steven M. Bellovin" <smb@cs.columbia.edu>,
Randy Bush <randy@psg.com>, nanog@nanog.org
In-Reply-To: Your message of "Thu, 24 Nov 2005 20:26:56 +0100."
<87y83d26f3.fsf@mid.deneb.enyo.de>
From: Valdis.Kletnieks@vt.edu
Date: Sat, 26 Nov 2005 02:40:56 -0500
Errors-To: owner-nanog@merit.edu
--==_Exmh_1132990856_2891P
Content-Type: text/plain; charset=us-ascii
On Thu, 24 Nov 2005 20:26:56 +0100, Florian Weimer said:
> Wouldn't this provide significant economic incentive towards gaining a
> high value on this metric? I'm not sure if this a good idea because
> even if you call it a "trust metric", it does not have to correspond
> to ethical behavior.
Wrong concept of "trust". There exist vendors that I *expect* will
treat me in an unethical way, while being totally open as to their identity.
Think of it as going to buy a used car, and *knowing* that there are shady
and unethical dealings going on, but knowing to a high degree of certainty
that the salesmen perpetrating the fraud are in fact authorized and are acting
on behalf of the dealership, and aren't somebody in a cheap suit that came in
off the street and borrowed the office while the real salesman was out for a
few days for a family emergency....
(And yes, there actually *was* somebody who pulled that fraud a while back nearby
here - I wish I could find a citation...)
--==_Exmh_1132990856_2891P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFDiBGIcC3lWbTT17ARAt6bAKDHbXY1jkJ+VQT31ep/RR413ztpYACdG2VJ
Hlebj+OdLWXo83unFe33cOA=
=NeuM
-----END PGP SIGNATURE-----
--==_Exmh_1132990856_2891P--
