nanog mailing list archives
Re: key change for TCP-MD5
From: "Crist Clark" <Crist.Clark () globalstar com>
Date: Tue, 20 Jun 2006 12:56:36 -0700
On 6/20/2006 at 12:33 PM, Iljitsch van Beijnum <iljitsch () muada com> wrote:
On 20-jun-2006, at 21:23, Randy Bush wrote:What if we agree to change the key on our BGP session, I add the new key on my side and start sending packets using the new key, while you don't have the new key in your configuration yet?again: try reading the draftI've read the draft and it "solves" this problem with timing. That's insufficient because it requires that both sides do the right thing at the right time without any way to verify whether the other side is ready. What if one side didn't make the change, or entered the wrong key?
Uh, isn't what this, "In particular, if a key change has just been attempted but such segments are not acknowledged, it is reasonable to fall back to the previous key and issue an alert of some sort." Is for? Automated fallback if a new key doesn't work? -- Crist J. Clark crist.clark () globalstar com Globalstar Communications (408) 933-4387 BĀ¼information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmaster () globalstar com
Current thread:
- Re: key change for TCP-MD5, (continued)
- Re: key change for TCP-MD5 Randy Bush (Jun 19)
- Re: key change for TCP-MD5 Iljitsch van Beijnum (Jun 19)
- Re: key change for TCP-MD5 Edward B. DREGER (Jun 19)
- Message not available
- Re: key change for TCP-MD5 Steven M. Bellovin (Jun 22)
- Re: key change for TCP-MD5 Iljitsch van Beijnum (Jun 22)
- RE: key change for TCP-MD5 David Schwartz (Jun 22)
- Re: key change for TCP-MD5 Iljitsch van Beijnum (Jun 20)
- Re: key change for TCP-MD5 Randy Bush (Jun 20)
- Re: key change for TCP-MD5 Iljitsch van Beijnum (Jun 20)
- Re: key change for TCP-MD5 Crist Clark (Jun 20)
- Re: key change for TCP-MD5 Richard A Steenbergen (Jun 20)
- Re: key change for TCP-MD5 Warren Kumari (Jun 20)
- Re: key change for TCP-MD5 Randy Bush (Jun 20)
- Re: key change for TCP-MD5 Ross Callon (Jun 21)
- Re: key change for TCP-MD5 David Barak (Jun 21)
- Re: key change for TCP-MD5 Jared Mauch (Jun 21)