nanog mailing list archives
Re: key change for TCP-MD5
From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Tue, 20 Jun 2006 21:16:05 +0200
On 20-jun-2006, at 21:12, Bora Akyol wrote:
The draft allows you to have a set of keys in your keychain and the implementation tries all of them before declaring the segment as invalid.
No time synchronization required. No BGP message required.
What if we agree to change the key on our BGP session, I add the new key on my side and start sending packets using the new key, while you don't have the new key in your configuration yet?
Current thread:
- Re: key change for TCP-MD5, (continued)
- Re: key change for TCP-MD5 Iljitsch van Beijnum (Jun 19)
- Re: key change for TCP-MD5 Randy Bush (Jun 19)
- Re: key change for TCP-MD5 Iljitsch van Beijnum (Jun 19)
- Re: key change for TCP-MD5 Randy Bush (Jun 19)
- Re: key change for TCP-MD5 Iljitsch van Beijnum (Jun 19)
- Re: key change for TCP-MD5 Edward B. DREGER (Jun 19)
- Message not available
- Re: key change for TCP-MD5 Steven M. Bellovin (Jun 22)
- Re: key change for TCP-MD5 Iljitsch van Beijnum (Jun 22)
- RE: key change for TCP-MD5 David Schwartz (Jun 22)
- Re: key change for TCP-MD5 Iljitsch van Beijnum (Jun 20)
- Re: key change for TCP-MD5 Randy Bush (Jun 20)
- Re: key change for TCP-MD5 Iljitsch van Beijnum (Jun 20)
- Re: key change for TCP-MD5 Crist Clark (Jun 20)
- Re: key change for TCP-MD5 Richard A Steenbergen (Jun 20)
- Re: key change for TCP-MD5 Warren Kumari (Jun 20)
- Re: key change for TCP-MD5 Randy Bush (Jun 20)
- Re: key change for TCP-MD5 Ross Callon (Jun 21)