nanog mailing list archives
Re: md5 for bgp tcp sessions
From: Todd Underwood <todd () renesys com>
Date: Thu, 23 Jun 2005 10:27:49 -0400
marty, On Thu, Jun 23, 2005 at 10:22:07AM -0400, Hannigan, Martin wrote:
rolling out magic code because your vendor tells you to is a bad idea;That's mostly the result of the calamitous failure in vulnerability release methodology, not Operator stupidity.
totally agreed. vendors c, j and several others should be *ashamed* of the way that they handled and continue to handle this issue: they have yet to admit that they raised a panic (in secret, with no facts, so that they could not be refuted) over a basic fact of the way tcp works, creating outages and instability to fix a non-problem. operators in those circumstances had little choice but to roll out "critical security fixes", but i think we all deserve an apology, an explanation and a commitment to do better in the future. t -- _____________________________________________________________________ todd underwood director of operations & security renesys - interdomain intelligence todd () renesys com www.renesys.com
Current thread:
- Re: md5 for bgp tcp sessions, (continued)
- Re: md5 for bgp tcp sessions Richard A Steenbergen (Jun 22)
- Re: md5 for bgp tcp sessions Patrick W. Gilmore (Jun 22)
- Re: md5 for bgp tcp sessions Todd Underwood (Jun 23)
- Re: md5 for bgp tcp sessions Jared Mauch (Jun 23)
- Re: md5 for bgp tcp sessions Richard A Steenbergen (Jun 23)
- Re: md5 for bgp tcp sessions Eric Gauthier (Jun 23)
- Re: md5 for bgp tcp sessions Joe Abley (Jun 23)
- Re: md5 for bgp tcp sessions Robert E . Seastrom (Jun 23)
- RE: md5 for bgp tcp sessions Barry Greene (bgreene) (Jun 23)
- RE: md5 for bgp tcp sessions Hannigan, Martin (Jun 23)
- Re: md5 for bgp tcp sessions Todd Underwood (Jun 23)
- Re: md5 for bgp tcp sessions Jared Mauch (Jun 23)
- Re: md5 for bgp tcp sessions Todd Underwood (Jun 23)
- Re: md5 for bgp tcp sessions Richard A Steenbergen (Jun 22)