nanog mailing list archives

Re: key change for TCP-MD5


From: "Crist Clark" <Crist.Clark () globalstar com>
Date: Tue, 20 Jun 2006 12:56:36 -0700


On 6/20/2006 at 12:33 PM, Iljitsch van Beijnum <iljitsch () muada com> wrote:

> On 20-jun-2006, at 21:23, Randy Bush wrote:
> 
> > > What if we agree to change the key on our BGP session, I add the new
> > > key on my side and start sending packets using the new key, while you
> > > don't have the new key in your configuration yet?
> > 
> > again: try reading the draft
> 
> I've read the draft and it "solves" this problem with timing. That's
> insufficient because it requires that both sides do the right thing
> at the right time without any way to verify whether the other side is
> ready. What if one side didn't make the change, or entered the wrong
> key?

Uh, isn't this what

   "In particular, if a key change has just been
   attempted but such segments are not acknowledged, it is reasonable to
   fall back to the previous key and issue an alert of some sort."

is for? Automated fallback if a new key doesn't work?
-- 

Crist J. Clark                               crist.clark () globalstar com
Globalstar Communications                                (408) 933-4387


The information contained in this e-mail message is confidential, intended only for the use of the individual or entity 
named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to 
deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying 
of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmaster () 
globalstar com 
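The fallback rule quoted in the message above can be made concrete with a small simulation. This is an added example, not code from the draft, from anyone in the thread, or from any router implementation. It assumes its own names (Peer, change_send_key, demo), the 192.0.2.x addresses, a three-segment retry limit, and a simplified TCP header (data offset fixed at 5, so the MD5 option itself is not accounted for); the digest otherwise follows RFC 2385 (plain MD5 over pseudo-header, header, data and key, not an HMAC). The receiver side verifies against every key it still holds, which is the design choice that lets a timed sender-side switch succeed once the far end has been configured, and the sender reverts and alerts when nothing signed with the new key is acknowledged.

```python
"""Added illustration of the quoted fallback rule for TCP-MD5 key changes:
a sender switches its send key and, if no segment under the new key is
ever acknowledged, reverts to the old key and raises an alert."""
import hashlib
import hmac
import socket
import struct
from dataclasses import dataclass, field

# Assumed constant for the simulated session (not from the page): PSH|ACK.
FLAGS_PSH_ACK = 0x18


def tcp_md5_digest(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, data, key):
    """RFC 2385 section 2 digest: MD5 over the IPv4 pseudo-header, the TCP
    header with options excluded and checksum zero, the data, and the key.
    Simplification: data offset is fixed at 5; a real segment carrying the
    MD5 option would advertise a larger offset."""
    tcp_len = 20 + len(data)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len))
    hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                      5 << 4, flags, 65535, 0, 0)  # window, checksum=0, urgent
    return hashlib.md5(pseudo + hdr + data + key).digest()


@dataclass
class Segment:
    seq: int
    data: bytes
    digest: bytes


@dataclass
class Peer:
    """One end of the session. send_key is what we sign with; accept_keys is
    every key we still verify against (old and new during a rollover)."""
    name: str
    ip: str
    port: int
    send_key: bytes
    accept_keys: list
    alerts: list = field(default_factory=list)

    def sign(self, peer, seq, data):
        d = tcp_md5_digest(self.ip, peer.ip, self.port, peer.port,
                           seq, 0, FLAGS_PSH_ACK, data, self.send_key)
        return Segment(seq, data, d)

    def accepts(self, sender, seg):
        """True iff the digest verifies under some accepted key. Per RFC 2385 a
        failing segment is dropped silently, so the sender only sees no ACK."""
        for k in self.accept_keys:
            expect = tcp_md5_digest(sender.ip, self.ip, sender.port, self.port,
                                    seg.seq, 0, FLAGS_PSH_ACK, seg.data, k)
            if hmac.compare_digest(expect, seg.digest):
                return True
        return False


def change_send_key(sender, receiver, new_key, max_tries=3):
    """Sender-side key change with the fallback the quoted text describes:
    if max_tries segments under new_key go unacknowledged, revert to the
    previous key and record an alert. Returns a summary dict."""
    old_key = sender.send_key
    sender.send_key = new_key
    for attempt in range(1, max_tries + 1):
        seg = sender.sign(receiver, 1000 + attempt, b"KEEPALIVE")
        if receiver.accepts(sender, seg):           # receiver ACKs only verified segments
            return {"switched": True, "attempts": attempt, "alert": None,
                    "session_alive": True}
    sender.send_key = old_key
    alert = (f"{sender.name}: {max_tries} segments under new key unacknowledged; "
             f"reverted to previous key")
    sender.alerts.append(alert)
    probe = sender.sign(receiver, 2000, b"KEEPALIVE")  # does the session survive?
    return {"switched": False, "attempts": max_tries, "alert": alert,
            "session_alive": receiver.accepts(sender, probe)}


def demo():
    """Three rollovers between constructed peers A and B: B not yet updated,
    B updated with a typo, then B correctly holding both keys."""
    old, new = b"old-secret", b"new-secret"
    a = Peer("A", "192.0.2.1", 179, old, [old])
    b = Peer("B", "192.0.2.2", 179, old, [old])
    not_ready = change_send_key(a, b, new)
    b.accept_keys = [b"nwe-secret", old]            # operator typo on B's side
    wrong_key = change_send_key(a, b, new)
    b.accept_keys = [new, old]                      # B ready; still accepts old
    ready = change_send_key(a, b, new)
    return not_ready, wrong_key, ready


if __name__ == "__main__":
    for name, r in zip(("B not ready", "B wrong key", "B ready"), demo()):
        print(f"{name:12s} switched={r['switched']} attempts={r['attempts']} "
              f"alive={r['session_alive']} alert={r['alert']}")
```

In the first two runs the far end never acknowledges anything signed with the new key, so A reverts to the old key, the session stays up, and an alert is recorded for the operator; only in the third run, after B holds the new key, does the switch stick on the first segment.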

