Ian Grigg wrote: ...
I wouldn't think that the encryption need be opportunistic; in the BGP backbone world, as you noted, peers are known a-priori, and should have certs that could be signed by well-known, trusted CAs.
Let's see if I can make these assumptions clearer, because I still perceive that CAs have no place in BGP, and you seem to be assuming that they do.
I should have said "could have certs". BGP could use shared secrets or CAs; it may be the case that anonymous security (as at least I call it) doesn't map well to BGP, in which you usually know who you want to trust. It may still help, though - e.g., in the case of the recent TCP RST attacks, it would have. The rest of your note focuses on the difference between two-party trust and trust using a shared third party. The former degenerates to the latter where I sign your cert, though ;-) I agree that for BGP the two-party case is probably more relevant, though there some BGP peerings are based on trust relationships of sets of parties that can - or already do - have trusted third-party coordination outside BGP. Joe [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]