On Sun, 23 Aug 2020 12:40:19 +0000 Dovid Bender <dovid@telecurve.com> wrote:
Ok. So here is another n00b question. Why don't we have something where when we advertise IP space we also pass along a cert [...]
Take a look at: Stephen Kent, Charles Lynn, and Karen Seo. 2000. Secure border gateway protocol (S-BGP). IEEE Journal on Selected areas in Communications 18, 4 (2000), 582–592. and Russ White. 2003. Securing BGP: soBGP. Internet Protocol Journal 6, 3 (Sept. 2003), 15–22. Two precursors to the system we have today. Both proposed some form of including PKI-related matter in BGP messages. Neither system gained much actual traction outside of the design phase as far as I know. Some might suggest that a lot of time was spent debating how to do it with little actual progress or experimentation done. The current approach has echoes of those ideas with the obvious difference as you imply, it is independent from BGP. This poses some challenges to providing a complete solution, but was probably necessary for deployment and might prove useful if something other than wants to BGP uses it. John