potential new IETF WG on anonymous IPSec
touch at ISI.EDU
Fri Sep 17 11:02:46 PDT 2004
Ian Grigg wrote:
>> I wouldn't think that the encryption need be opportunistic; in the BGP
>> backbone world, as you noted, peers are known a-priori, and should
>> have certs that could be signed by well-known, trusted CAs.
> Let's see if I can make these assumptions clearer, because
> I still perceive that CAs have no place in BGP, and you seem
> to be assuming that they do.
I should have said "could have certs". BGP could use shared secrets or
CAs; it may be the case that anonymous security (as at least I call it)
doesn't map well to BGP, in which you usually know who you want to
trust. It may still help, though - e.g., in the case of the recent TCP
RST attacks, it would have.
The rest of your note focuses on the difference between two-party trust
and trust using a shared third party. The former degenerates to the
latter where I sign your cert, though ;-) I agree that for BGP the
two-party case is probably more relevant, though there some BGP peerings
are based on trust relationships of sets of parties that can - or
already do - have trusted third-party coordination outside BGP.
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
More information about the cypherpunks-legacy