Randy:
for how many years have i been asking you and your evil-minded cert designing friends for a pgp-like web of trust cert that could be used for just this application?
Steven B:
of subsidiaries or allied evil ASs vouching for each other. OTOH, there are some situations where we know that absolute trust is indicated -- say, 701 signing 702's certificate, or an upstream signing the address certificate for a customer.
Well, there's the rub. You know who runs AS701 and AS702. Presumably most of us do (although I don't know who runs 702 off the top of my head. 701 is UUNET/MCI, no? I don't do BGP). I like the web 'o' trust idea, but the idea is that the *end-user* is supposed to know what's legit and what isn't. In most cases, we're not the end-users. -- Steve Sobol, Professional Geek 888-480-4638 PGP: 0xE3AE35ED Company website: http://JustThe.net/ Personal blog, resume, portfolio: http://SteveSobol.com/ E: sjsobol@JustThe.net Snail: 22674 Motnocab Road, Apple Valley, CA 92307