On Wednesday, February 27, 2019 at 8:54:35 AM UTC-6, Jakob Bohm wrote: > One hypothetical use would be to secure BGP traffic, as certificates > with IpAddress SANs are less commonly supported.
The networking / interconnection world has already worked out the trust hierarchy for the RPKI scheme. As there are a number of global RIRs who are the authoritative source of ASN and IP space information, they've elected to themselves be the Root CAs involved. Its an interesting infrastructure. You can learn more about it here: https://www.arin.net/resources/rpki/index.html _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy