[96229] in North American Network Operators' Group
Re: BGP certificate insanity was: (DHS insanity - offtopic)
daemon@ATHENA.MIT.EDU (Joe Abley)
Tue Apr 24 08:49:26 2007
In-Reply-To: <D03E4899F2FB3D4C8464E8C76B3B68B03BE938@E03MVC4-UKBR.domain1.systemhost.net>
Cc: <nanog@merit.edu>
From: Joe Abley <jabley@ca.afilias.info>
Date: Tue, 24 Apr 2007 13:10:08 +0100
To: <michael.dillon@bt.com>
Errors-To: owner-nanog@merit.edu
On 24-Apr-2007, at 11:51, <michael.dillon@bt.com> wrote:
>> How can anybody be sure that the random peering tech they are
>> talking
>> to really works for the organisation listed in the whois record? By
>> visual inspection of the e-mail address?
>
> Do people really talk to random peering techs? I thought that peering
> contacts were all set up via face-to-face meetings.
Your view of the world is far from universal.
> In any case, if it
> is email authentication that you are after, putting certificates in
> your
> router will not help you.
I never suggested putting certificates in a router.
> Also, normal business practices can be very useful to establish the
> identity of people.
For sure, but I don't need to care about the identity of people if I
have am given a signed ROA which checks out back to a trust anchor I
am prepared to trust.
No crypto on routers involved.
Joe
