24 Nov
2005
24 Nov
'05
2:23 p.m.
* Sandy Murphy:
How would you feel about having the registries serve as the root of a hierarchical certificate system?
What about the swamp space?
So an institution would have its "certificate" signed by its upstream (or one of its upstream) providers.
(Don't know where that quote comes from.) Why is this significantly better than ISP filters which prevent bogus announcements from reaching wide propagation? I've seen bogus annoucements for which big ISPs have created corresponding RADB entries. Wouldn't they just create certificates in the new "secure BGP", and nothing is won?