// $Id$
//
// Pictures to show why I prefer the symmetric BPKI model. As far as
// I can tell, the asymmetric model is every bit as complex for me as
// the symmetric model; the only difference is the added annoyance of
// having to keep track of a larger number of BSC EE certificates.
//
// Color code:
// Black: Hosting entity
// Blue: Hosted entity
// Red: Cross-certified peer
//
// Shape code:
// Octagon: TA
// Diamond: CA
// Record: EE
// Symmetric BPKI model: each hosted entity (Alice, Ellen) holds a single
// BSC EE certificate, and that certificate hangs off the hosted entity's
// own CA, however many peers that CA has cross-certified.
//
// Line style (as used below; not stated in the file header):
// Solid: edge ends at a CA node (diamond)
// Dashed: edge ends at an EE node (record)
// Edge colour follows the colour of the node the edge starts from.
// Edges presumably read "issuer -> subject" -- TODO confirm.
digraph bpki_symmetric {
// Page setup: rotated 90 degrees and scaled to fill an 11 x 8.5 area.
rotate = 90; size = "11,8.5"; splines = true; ratio = fill;
// Hosting entity
// Node defaults apply only to nodes declared after them, so statement
// order in this graph is significant.
node [ color = black, shape = record ];
TA [ shape = octagon ];
// Record labels: first field is the name, the braced fields list what
// the certificate is used for (presumably protocol roles -- confirm).
rpkid [ label = "rpkid|{HTTPS server|HTTPS left-right client|CMS left-right}" ];
irdbd [ label = "irdbd|{HTTPS left-right server|CMS left-right}" ];
irbe [ label = "IRBE|{HTTPS left-right client|CMS left-right}" ];
// Hosted entities
// Shape is still "record" here (inherited from the default above); the
// CA nodes override it to diamond, the BSC EE nodes keep it.
node [ color = blue, fontcolor = blue ];
Alice_CA [ shape = diamond ];
Alice_EE [ label = "Alice\nBSC EE|{HTTPS up-down client|CMS up-down}" ];
Ellen_CA [ shape = diamond ];
Ellen_EE [ label = "Ellen\nBSC EE|{HTTPS up-down client|CMS up-down}" ];
// Peers
node [ color = red, fontcolor = red, shape = diamond ];
Bob_CA;
Carol_CA;
Dave_CA;
Frank_CA;
Ginny_CA;
Harry_CA;
// TA -> hosted entities' CAs.
edge [ color = black, style = solid ];
TA -> Alice_CA;
TA -> Ellen_CA;
// TA -> the hosting entity's own EE certificates.
edge [ color = black, style = dashed ];
TA -> rpkid;
TA -> irdbd;
TA -> irbe;
// Hosted CA -> cross-certified peer CAs (three peers per hosted entity).
edge [ color = blue, style = solid ];
Alice_CA -> Bob_CA;
Alice_CA -> Carol_CA;
Alice_CA -> Dave_CA;
Ellen_CA -> Frank_CA;
Ellen_CA -> Ginny_CA;
Ellen_CA -> Harry_CA;
// Hosted CA -> its one BSC EE certificate: two EE certificates in total
// for six peer relationships.
edge [ color = blue, style = dashed ]
Alice_CA -> Alice_EE;
Ellen_CA -> Ellen_EE;
}
// Asymmetric BPKI model: the hosted entities have no BSC EE certificate
// under their own CA. Instead every peer CA has an edge to a separate
// BSC EE certificate for the hosted entity, so the number of EE
// certificates equals the number of peer relationships (six here).
//
// Line style (as used below; not stated in the file header):
// Solid: edge ends at a CA node (diamond)
// Dashed: edge ends at an EE node (record)
// Edge colour follows the colour of the node the edge starts from.
// Edges presumably read "issuer -> subject" -- TODO confirm.
digraph bpki_asymmetric {
// Page setup: rotated 90 degrees and scaled to fill an 11 x 8.5 area.
rotate = 90; size = "11,8.5"; splines = true; ratio = fill;
// Hosting entity
// Node defaults apply only to nodes declared after them, so statement
// order in this graph is significant.
node [ color = black, shape = record ];
TA [ shape = octagon ];
// Record labels: first field is the name, the braced fields list what
// the certificate is used for (presumably protocol roles -- confirm).
rpkid [ label = "rpkid|{HTTPS server|HTTPS left-right client|CMS left-right}" ];
irdbd [ label = "irdbd|{HTTPS left-right server|CMS left-right}" ];
irbe [ label = "IRBE|{HTTPS left-right client|CMS left-right}" ];
// Hosted entities
// Only CA nodes are declared for the hosted entities in this model.
node [ color = blue, fontcolor = blue ];
Alice_CA [ shape = diamond ];
Ellen_CA [ shape = diamond ];
// Peers
node [ color = red, fontcolor = red, shape = diamond ];
Bob_CA;
Carol_CA;
Dave_CA;
Frank_CA;
Ginny_CA;
Harry_CA;
// EE certs issued to us by peers
// Drawn in the peer colour (red) because they hang off the peers' CAs;
// node names are <hosted entity>_<peer>_EE.
// NOTE(review): each certificate below has a different peer CA as its
// parent, so tracking them scales with the number of peers; this appears
// to be the bookkeeping cost the file header objects to.
node [ color = red, fontcolor = red, shape = record ];
Alice_Bob_EE [ label = "Alice-Bob\nBSC EE|{HTTPS up-down client|CMS up-down}" ];
Alice_Carol_EE [ label = "Alice-Carol\nBSC EE|{HTTPS up-down client|CMS up-down}" ];
Alice_Dave_EE [ label = "Alice-Dave\nBSC EE|{HTTPS up-down client|CMS up-down}" ];
Ellen_Frank_EE [ label = "Ellen-Frank\nBSC EE|{HTTPS up-down client|CMS up-down}" ];
Ellen_Ginny_EE [ label = "Ellen-Ginny\nBSC EE|{HTTPS up-down client|CMS up-down}" ];
Ellen_Harry_EE [ label = "Ellen-Harry\nBSC EE|{HTTPS up-down client|CMS up-down}" ];
// TA -> hosted entities' CAs.
edge [ color = black, style = solid ];
TA -> Alice_CA;
TA -> Ellen_CA;
// TA -> the hosting entity's own EE certificates.
edge [ color = black, style = dashed ];
TA -> rpkid;
TA -> irdbd;
TA -> irbe;
// Hosted CA -> cross-certified peer CAs (same edges as the symmetric model).
edge [ color = blue, style = solid ];
Alice_CA -> Bob_CA;
Alice_CA -> Carol_CA;
Alice_CA -> Dave_CA;
Ellen_CA -> Frank_CA;
Ellen_CA -> Ginny_CA;
Ellen_CA -> Harry_CA;
// Peer CA -> the BSC EE certificate for the hosted entity: one per
// (hosted entity, peer) pair.
edge [ color = red, style = dashed ];
Bob_CA -> Alice_Bob_EE;
Carol_CA -> Alice_Carol_EE;
Dave_CA -> Alice_Dave_EE;
Frank_CA -> Ellen_Frank_EE;
Ginny_CA -> Ellen_Ginny_EE;
Harry_CA -> Ellen_Harry_EE;
}