After reading this thread well after it has ended...why does it seem
that a lot of folks equate trust with paying money?
Trust isn't about who can pay what but maintaining a system that
conveys trust does *cost* money.
The RIRs are not-for-profit themselves. That doesn't mean
It's hard to imagine an organization who can afford to run
a network using BGP to announce a class C block and not
be able to afford $1250 per year.
The Internet != for-profit-only corporate netspace.
In that case, the organization is not an ISP which
means that they are not growing
[EMAIL PROTECTED] wrote:
It's hard to imagine an organization who can afford to run
a network using BGP to announce a class C block and not
be able to afford $1250 per year.
The Internet != for-profit-only corporate netspace.
In that case, the organization is not an ISP which
means that
On Tue, 29 Nov 2005, [EMAIL PROTECTED] wrote:
It's hard to imagine an organization who can afford to run
a network using BGP to announce a class C block and not
be able to afford $1250 per year.
The Internet != for-profit-only corporate netspace.
US$1250 may be little more than a urinal
The fees are not charged for past services that were
received for free, only for future services.
So you are saying that legacy space holder who signed a membership
agreement would not owe the usual yearly fee associated with their
legacy space holdings but only those fees associated with
The fees are not charged for past services that were
received for free, only for future services.
i believe Michael is extrapolating his ideal and
not the actual practice at RIRs.
Not at all. Past services are anything that was received
for free in the past. Future services are
On Tue, Nov 29, 2005 at 10:21:53AM +, [EMAIL PROTECTED] wrote:
It's hard to imagine an organization who can afford to run
a network using BGP to announce a class C block and not
be able to afford $1250 per year.
Sounds like a failure of imagination to me.
--
Richard A Steenbergen
--- Richard A Steenbergen [EMAIL PROTECTED] wrote:
On Tue, Nov 29, 2005 at 10:21:53AM +,
[EMAIL PROTECTED] wrote:
It's hard to imagine an organization who can afford to run
a network using BGP to announce a class C block and not
be able to afford $1250 per year.
Sounds
On 29-Nov-2005, at 09:30, David Barak wrote:
I have yet to find an organization which is concerned about
getting new PI space which would have a problem paying
that amount per year. They may exist,
They definitely exist.
Joe
--- Joe Abley [EMAIL PROTECTED] wrote:
On 29-Nov-2005, at 09:30, David Barak wrote:
I have yet to find an organization which is concerned about
getting new PI space which would have a problem paying
that amount per year. They may exist,
They definitely exist.
Okay, I'll take your
On 29-Nov-2005, at 12:16, David Barak wrote:
Maybe my imagination just isn't good enough: could you
toss me an example-type of organization where that
would be problematic?
Oh, my mistake -- you're talking about new organisations looking to
acquire PI space. I was talking about
: BGP Security and PKI Hierarchies
On 29-Nov-2005, at 12:16, David Barak wrote:
Maybe my imagination just isn't good enough: could you
toss me an example-type of organization where that
would be problematic?
Oh, my mistake -- you're talking about new organisations looking to
acquire PI space
On 29-Nov-2005, at 12:16, David Barak wrote:
Maybe my imagination just isn't good enough: could you
toss me an example-type of organization where that
would be problematic?
If we consider non-operators e.g. medium sized commercial or NGOs ...
APNIC have a mechanism in-place, but most of the
Do you suppose that if a Microsoft salesman had given me a free copy
of Windows back in 1990, I would have a right to use any version of
Windows for free forever?
I don't think this analogy exactly fits. I'm pretty sure that the legacy
space holders think of this as: a Microsoft
Of course we could all quickly move to IPv6 and then IPv4 legacy allocations
and related legal challenges wouldn't be an issue any more ... :)
On Mon, 28 Nov 2005 [EMAIL PROTECTED] wrote:
Do you suppose that if a Microsoft salesman had given me a free copy
of Windows back in 1990, I would
Regardless of what the legacy space users think, if the
RIRs decided to sign certificates for use in BGP route
for a small fee to recover costs, and if those legacy
space holders wish to make use of this new service (like
a new version of Windows) then they have to sign up and
pay the fees. The
The/One difficulty is that signing up for this new service,
for at least one registry, requires that you sign up for the
same membership relationship as the non-legacy-holders. That
means you submit to the registry authority over the address
you were allocated for free, and obligates you to
Michael Dillon said:
The fees are not charged for past services that were
received for free, only for future services.
So you are saying that legacy space holder who signed a membership
agreement would not owe the usual yearly fee associated with their
legacy space holdings but only those fees
On Mon, Nov 28, 2005 at 11:48:13AM -0500, Sandy Murphy wrote:
Michael Dillon said:
The fees are not charged for past services that were
received for free, only for future services.
So you are saying that legacy space holder who signed a membership
agreement would not owe the usual
On Mon, 28 Nov 2005, Randy Bush wrote:
proof of identity
S(withRIRkey, AS_A_key, AS_A)
or
S(withweboftrustkeys, AS_A_key, AS_A)
maybe Randy is saying this is two steps, not an OR
S(withRIRkey, someNonRIRidentity, asA)
Good idea. And this someNonRIRidentity may actually be
* Valdis Kletnieks:
On Thu, 24 Nov 2005 20:26:56 +0100, Florian Weimer said:
Wouldn't this provide significant economic incentive towards gaining a
high value on this metric? I'm not sure if this a good idea because
even if you call it a trust metric, it does not have to correspond
to
How would you feel about having the registries serve as the root of
a hierarchical certificate system?
What about the swamp space?
Presumably if the users of class C blocks in the swamp
want to use the certificate services that the registry
provides then the registries would sell that
* Michael Dillon:
How would you feel about having the registries serve as the root of
a hierarchical certificate system?
What about the swamp space?
Presumably if the users of class C blocks in the swamp
The class B assignments are even more interesting because some of them
have been
On 24 nov 2005, at 03.54, George Michaelson wrote:
If you want to see member-certificates which gate access to RIR/NIR
specific services common across all registries, I think you want to
get
that onto an RIR meeting agenda Randy.
We currently have no cross-certification activity in member
Do you suppose that if a Microsoft salesman had given me a free copy
of Windows back in 1990, I would have a right to use any version of
Windows for free forever?
I don't think this analogy exactly fits. I'm pretty sure that the legacy
space holders think of this as: a Microsoft salesman had
Michael Dillon:
Do you suppose that if a Microsoft salesman had given me a
free copy of Windows back in 1990, I would have a right to
use any version of Windows for free forever?
Any version? No. That version, particularly its fixed representation as an
unchanged string of binary digits?
On 25 nov 2005, at 02.07, Sean Donelan wrote:
Although technical folks may think its just about math, unfortunately some
people think certificates and signatures mean more than just mathematical
formulas. I'm a bit confused why people think network service providers
will be willing to
On Thu, 24 Nov 2005 20:26:56 +0100, Florian Weimer said:
Wouldn't this provide significant economic incentive towards gaining a
high value on this metric? I'm not sure if this a good idea because
even if you call it a trust metric, it does not have to correspond
to ethical behavior.
Wrong
the rir attests to the delegation of the prefix and an asn to the
identified isp.
the isp signs, using their isp identity to
o originating from the asn
o originating that prefix (in sbgp, toward another isp)
Looks to me like:
proof of allocation:
S(withRIRkey, Prefix_p_key, prefix_p)
* Sandy Murphy:
How would you feel about having the registries serve as the root of
a hierarchical certificate system?
What about the swamp space?
So an institution would have its certificate signed
by its upstream (or one of its upstream) providers.
(Don't know where that quote comes
* Steven M. Bellovin:
Furthermore, given that a trust algebra may yield a trust value, rather
than a simple 0/1, is it reasonable to use that assessment as a BGP
preference selector? That would tie the security very deeply -- too
deeply? -- into BGP's guts.
Wouldn't this provide
* Bill Woodcock:
Right. The idea was to lock down things which were in the legacy space,
unless people were prepared to undergo the full scrutiny of having them
transferred into an RIR (basically dampen the rash of hijackings),
In the end, this boils down to disappropriation. Early
On Wed, 23 Nov 2005, Steven M. Bellovin wrote:
I think the problem is both easier and harder than painted. First, you
need a business agreement that you will accept each others' assertions
of member identities, aka certificates. Second, you have to agree on a
common format and meaning for
On Nov 22, 2005, at 2:59 PM, Randy Bush wrote:
[ you know all this, but i think it is worth going through the
exercise ]
That said, I think the problem is that we need an algebra of trust
that will let a program, not a human, decide whether or not to
trust a
certificate. You don't
not exactly. there are two trusts here. i have to accept that
asns as incompetent at configuration as i are attesting to prefixes
and paths or i won't be able to get to a large part of the net.
but this is orthogonal to my trust in their competence to attest to
the identity of other asns
On Nov 23, 2005, at 11:09 AM, Randy Bush wrote:
not exactly. there are two trusts here. i have to accept that
asns as incompetent at configuration as i are attesting to prefixes
and paths or i won't be able to get to a large part of the net.
but this is orthogonal to my trust in their
My issue is that if ISPs a) only announce networks that they know
(for different values of know - but hopefully based on some kind of
trust in the RIR's data) they are authorized to announce, and b) took
responsibility for the behavior of the paths or prefixes they
announce, and the
Rodney Joffe wrote:
As another thought: - Love 'em or hate 'em, the PSTN doesn't have this
problem.
Uh, PSTN does have this problem too. If you are part of SS7 you can totally
fake call origination information. This has been and still is abused for
criminal-malicious activities and
in operation, this means that there could be isp- (or ufo-)centric
isp identity certification (a la web of trust, for example) which
could have a very separate cert chain from that of address space
allocation, which, aside from the legacy issue, could come via the
rirs.
So when one receives an
My issue is that if ISPs a) only announce networks that they know
(for different values of know - but hopefully based on some kind of
trust in the RIR's data) they are authorized to announce, and b) took
responsibility for the behavior of the paths or prefixes they
announce, and the bits that
So when one receives an update, which part is it that you verify with
the certificate derived from the RIR chain and which part is it that you
verify with the certificate derived from the web-of-trust? I'm guessing
the answer in part is that there's a signature attesting to the
prefix
According to what I understand, there have to be two certificates per
entity:
one is the CA-bit enabled certificate, used to sign subsidiary
certificates about resources being given to other people to use.
the other is a self-signed NON-CA certificate, used to sign
In message [EMAIL PROTECTED], George Michaelson writes:
According to what I understand, there have to be two certificates per
entity:
one is the CA-bit enabled certificate, used to sign subsidiary
certificates about resources being given to other people to use.
the other
On Thu, 24 Nov 2005, George Michaelson wrote:
According to what I understand, there have to be two certificates per
entity:
one is the CA-bit enabled certificate, used to sign subsidiary
certificates about resources being given to other people to use.
the other is a
On Wed, 23 Nov 2005 17:54:44 -0800 (PST)
william(at)elan.net [EMAIL PROTECTED] wrote:
On Thu, 24 Nov 2005, George Michaelson wrote:
According to what I understand, there have to be two certificates
per entity:
one is the CA-bit enabled certificate, used to sign subsidiary
According to what I understand, there have to be two certificates per
entity:
one is the CA-bit enabled certificate, used to sign subsidiary
certificates about resources being given to other people to use.
the other is a self-signed NON-CA certificate, used to sign
On Wed, 23 Nov 2005 16:03:35 -1000
Randy Bush [EMAIL PROTECTED] wrote:
According to what I understand, there have to be two certificates
per entity:
one is the CA-bit enabled certificate, used to sign
subsidiary certificates about resources being given to other people
to use.
[0] - i'll want the business cert to have the ca bit if i am
large enough to have internal authorization process, and
thus want to create and manage different certs for dns,
billing, ...
We are discussing how we can do subsidiary certificate services like
this in APNIC
On Wed, 23 Nov 2005 16:39:11 -1000
Randy Bush [EMAIL PROTECTED] wrote:
[0] - i'll want the business cert to have the ca bit if i am
large enough to have internal authorization process, and
thus want to create and manage different certs for dns,
billing, ...
We are
We are discussing how we can do subsidiary certificate services like
this in APNIC but I think this goes outside of routing policy and
into registry business practices which are unlikely to be common
for all RIR and NIR in the ways that resource certificates *have*
to be.
if it is not
In message [EMAIL PROTECTED], George Michaelson writes:
On Wed, 23 Nov 2005 17:54:44 -0800 (PST)
william(at)elan.net [EMAIL PROTECTED] wrote:
On Thu, 24 Nov 2005, George Michaelson wrote:
According to what I understand, there have to be two certificates
per entity:
one is the
In message [EMAIL PROTECTED], Randy Bush writes:
We are discussing how we can do subsidiary certificate services like
this in APNIC but I think this goes outside of routing policy and
into registry business practices which are unlikely to be common
for all RIR and NIR in the ways that
We need prefix ownership certs; these need a special field identifying the
prefix owned. (See RFC 3779, which also describes AS certificates). We
need the latter in CA form, for delegation.
sorry to complicate, by iana allocates as ranges which are then
subbed to rirs. so the ca bit could
On Wed, 23 Nov 2005 17:42:21 -1000
Randy Bush [EMAIL PROTECTED] wrote:
We need prefix ownership certs; these need a special field
identifying the prefix owned. (See RFC 3779, which also describes
AS certificates). We need the latter in CA form, for delegation.
yes. the resource certs we
In message [EMAIL PROTECTED], Randy Bush writes:
We need prefix ownership certs; these need a special field identifying the
prefix owned. (See RFC 3779, which also describes AS certificates). We
need the latter in CA form, for delegation.
sorry to complicate, by iana allocates as ranges
Hierarchical relationships breed reptiles because of the inherent
asymmetric business relationship that results.
...
Frankly, I am quite impressed with the address registries.
How would you feel about having the registries serve as the root of
a hierarchical certificate system?
So an
I believe a web of trust can be operationally feasible only if the web
is more like a forest - if there are several well known examples of
tops to the web. Otherwise, you have to be storing a plethora of
different signers' certificates to be able to validate all the
institution's
In message [EMAIL PROTECTED], Randy Bush writes:
I believe a web of trust can be operationally feasible only if the web
is more like a forest - if there are several well known examples of
tops to the web. Otherwise, you have to be storing a plethora of
different signers' certificates to be
Otherwise, you have to be storing a plethora of
different signers' certificates to be able to validate all the
institution's certificates that come in.
you need those certs to verify the live data anyway
Yes, the reason why you want to validate the institution's certificates
is so you can
I believe a web of trust can be operationally feasible only if the web
is more like a forest - if there are several well known examples of
tops to the web. Otherwise, you have to be storing a plethora of
different signers' certificates to be able to validate all the
institution's
In message [EMAIL PROTECTED], Randy Bush writes:
I believe a web of trust can be operationally feasible only if the web
is more like a forest - if there are several well known examples of
tops to the web. Otherwise, you have to be storing a plethora of
different signers' certificates to be
[ you know all this, but i think it is worth going through the
exercise ]
That said, I think the problem is that we need an algebra of trust
that will let a program, not a human, decide whether or not to trust a
certificate. You don't want to accept something if it's a twisty loop
of
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Steven M. Bellovin
Sent: Tuesday, November 22, 2005 12:54 PM
To: Randy Bush
Cc: [EMAIL PROTECTED]
Subject: Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
..
Furthermore, given
Randy:
for how many years have i been asking you and your evil-minded cert
designing friends for a pgp-like web of trust cert that could be
used for just this application?
Steven B:
of subsidiaries or allied evil ASs vouching for each other. OTOH,
there are some situations where we
On Tue, 22 Nov 2005, Bora Akyol wrote:
Furthermore, given that a trust algebra may yield a trust
value, rather than a simple 0/1, is it reasonable to use that
assessment as a BGP preference selector? That would tie the
security very deeply -- too deeply? -- into BGP's guts.
If you take the
On Tue, 22 Nov 2005, Randy Bush wrote:
[ before you say it, i have suggested that a pseudo-rir be created
for legacy asns and prefixes ]
I also seem to remember Bill Woodcock suggesting this at some ARIN
meeting in 2001 or 2002. If I recall he proposed that this be somewhat
like a
On Tue, 22 Nov 2005, william(at)elan.net wrote:
I also seem to remember Bill Woodcock suggesting this at some ARIN
meeting in 2001 or 2002. If I recall he proposed that this be somewhat
like a document trust with no operations (beyond providing NS service)
and when
the idea is that the *end-user* is supposed to know what's legit
and what isn't.
no. all asn admins, including tier 1 through tier 42 and leaf
asns.
users are not involved in routing, except of course when the
ivtf is desperate to shim up v6.
randy
On Tue, 22 Nov 2005, Randy Bush wrote:
the idea is that the *end-user* is supposed to know what's legit
and what isn't.
no. all asn admins, including tier 1 through tier 42 and leaf
asns.
Bah. Forgive my stupidity, please. We got into the discussion of PKI and
PGP-style trust models
Oh, I am quite aware of the BGP RP-Sec work and many people have heard
my opinion on this topic, including some on this mailing list. But I'll
re-iterate.
Hierarchical relationships breed reptiles because of the inherent
asymmetric business relationship that results. The leaves *must* do