On Tue, 22 Nov 2005, Randy Bush wrote:
> > the idea is that the *end-user* is supposed to know what's legit
> > and what isn't.
>
> no. all asn admins, including tier 1 through tier 42 and leaf
> asns.
Bah. Forgive my stupidity, please. We got into the discussion of PKI and
PGP-style trust m
> the idea is that the *end-user* is supposed to know what's legit
> and what isn't.
no. all asn admins, including tier 1 through tier 42 and leaf
asns.
users are not involved in routing, except of course when the
ivtf is desperate to shim up v6.
randy
On Tue, 22 Nov 2005, william(at)elan.net wrote:
> I also seem to remember Bill Woodcock suggesting this at some ARIN
> meeting in 2001 or 2002. If I recall he proposed that this be somewhat
> like a document trust with no operations (beyond providing NS service)
> and when so
On Tue, 22 Nov 2005, Randy Bush wrote:
[ before you say it, i have suggested that a pseudo-rir be created
for legacy asns and prefixes ]
I also seem to remember Bill Woodcock suggesting this at some ARIN
meeting in 2001 or 2002. If I recall he proposed that this be somewhat
like a document
On Tue, 22 Nov 2005, Bora Akyol wrote:
Furthermore, given that a trust algebra may yield a trust
value, rather than a simple 0/1, is it reasonable to use that
assessment as a BGP preference selector? That would tie the
security very deeply -- too deeply? -- into BGP's guts.
If you take the
Randy:
> >for how many years have i been asking you and your evil-minded cert
> >designing friends for a pgp-like web of trust cert that could be
> >used for just this application?
> >
Steven B:
> of subsidiaries or allied evil ASs vouching for each other. OTOH,
> there are some situations
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Steven M. Bellovin
> Sent: Tuesday, November 22, 2005 12:54 PM
> To: Randy Bush
> Cc: [EMAIL PROTECTED]
> Subject: Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
>
<..>
> Furthermor
[ you know all this, but i think it is worth going through the
exercise ]
> That said, I think the problem is that we need an algebra of trust
> that will let a program, not a human, decide whether or not to trust a
> certficate. You don't want to accept something if it's a twisty loop
> of su
In message <[EMAIL PROTECTED]>, Randy Bush writes:
I believe a web of trust can be operationally feasible only if the web
is more like a forest - if there are several well known examples of
"tops" to the web. Otherwise, you have to be storing a plethora of
different signers' c
>>> I believe a web of trust can be operationally feasible only if the web
>>> is more like a forest - if there are several well known examples of
>>> "tops" to the web. Otherwise, you have to be storing a plethora of
>>> different signers' certificates to be able to validate all the
>>> institut
>Otherwise, you have to be storing a plethora of
>> different signers' certificates to be able to validate all the
>> institution's certificates that come in.
>
>you need those certs to verify the live data anyway
Yes, the reason why you want to validate the institution's certificates
is so you c
In message <[EMAIL PROTECTED]>, Randy Bush writes:
>
>> I believe a web of trust can be operationally feasible only if the web
>> is more like a forest - if there are several well known examples of
>> "tops" to the web. Otherwise, you have to be storing a plethora of
>> different signers' certifi
> I believe a web of trust can be operationally feasible only if the web
> is more like a forest - if there are several well known examples of
> "tops" to the web. Otherwise, you have to be storing a plethora of
> different signers' certificates to be able to validate all the
> institution's cert
>Hierarchical relationships breed "reptiles" because of the inherent
>asymmetric business relationship that results.
>...
>Frankly, I am quite impressed with the address registries.
How would you feel about having the registries serve as the root of
a hierarchical certificate system?
>So an inst
>> bummer that. data not being collected. one weeps to think of
>> all those announcements lost forever.
>>
>> is a data gap like a mineshaft gap?
Just to be clear:
The box that hung was route-views.routeviews.org. We
collect 'sh ip bgp' RIBs from this box on 2 hour
On Tue, Nov 22, 2005 at 10:16:11AM +0200, Hank Nussbacher wrote:
>
> I am unable to telnet or ping route-views.routeviews.org. No event listed
> at http://www.routeviews.org/update.html
>
> Is it just me?
Sorry folks, we've been having a memory fragmentation
problem. Should be
Hey,
Could someone please point me out if there is already boxes that support
acting as (H)VLPS HUB's for Martini EoMPLS spokes, with VLAN rewrite?
Hopefully this helps more than hurts:
L2_cust--L2--PE1---EoMPLS-+
|
L2_cust--L2--PE2---EoMPLSPE4-
thanks!
> gin-ldn-core1>sh ip b s | i 6447
> 128.223.60.102 4 6447 126140 15302644 13717324100 6w0d 0
> 128.223.60.103 4 6447 233238 16068732 000 01:03:48 Active
bummer that. data not being collected. one weeps to think of
all those announcements lost forever.
is
> -Message d'origine-
> De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De
> la part de Randy Bush
> Envoyé : mardi 22 novembre 2005 09:35
> À : Edward W. Ray
> Cc : [EMAIL PROTECTED]
> Objet : RE: route-views.routeviews.org down?
>
>
> > 1555 ms55 ms55 ms www.routeviews
> 1555 ms55 ms55 ms www.routeviews.org [128.223.61.18]
he did not mean the web server. try route views,
route-views.oregon-ix.net 128.223.60.103
as i peer with rv2 and not rv, i can not tell you how bgp
sessions are. could some noc which peers with rv please
check and report.
No problem here
754 ms53 ms52 ms as-0-0.mp1.Seattle1.Level3.net
[209.247.10.137]
851 ms51 ms51 ms ge-10-1.hsa2.Seattle1.Level3.net
[4.68.105.71]
951 ms56 ms57 ms unknown.Level3.net [63.211.200.246]
1042 ms40 ms41 ms ptck-core2-gw.nero.net
> Is it just me?
no, but i can get to rv2
randy
I am unable to telnet or ping route-views.routeviews.org. No event listed
at http://www.routeviews.org/update.html
Is it just me?
-Hank
23 matches
Mail list logo