Hacker News new | past | comments | ask | show | jobs | submit login

If you can't trust your cert authorities, you are already rather fucked, routing errors or no.



Why should I need to trust some vague certificate authority? I'd rather trust DANE/TLSA and DNSSEC. Or something similar.

Solving the trust problem in routing would require ISPs to manually whitelist which AS advertisements are valid on any given interconnect - you know something is wrong if Comcast advertises some Virgin Media network, or whatever.

Encryption by itself can't solve trust. It can only protect against MITM.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: