nanog mailing list archives
RE: Routing Insecurity (Re: BGP in the Washington Post)
From: David Mandelberg <david () mandelberg org>
Date: Thu, 11 Jun 2015 15:10:22 -0400
On 2015-06-11 07:30, Russ White wrote:
There have been suggestions that a key-per-AS is easier to manage than akey-per-router, like in provisioning.Two points --First, if a single person with console access leaves the company, I must roll the key for all my BGP routes, with the attendant churn, etc. I can'timagine anyone deploying such a thing.
I assume the vast majority of these cases are when the person leaves with no indication of malicious intent. In those cases, it might be possible to perform the key rollover with a relatively long grace period in which both keys are valid. Wouldn't that help reduce churn?
-- David Eric Mandelberg / dseomn http://david.mandelberg.org/
Current thread:
- Re: Routing Insecurity (Re: BGP in the Washington Post), (continued)
- Re: Routing Insecurity (Re: BGP in the Washington Post) David Mandelberg (Jun 09)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Valdis . Kletnieks (Jun 09)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Valdis . Kletnieks (Jun 09)
- RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 10)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Randy Bush (Jun 10)
- RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 10)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Randy Bush (Jun 10)
- RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 10)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Sandra Murphy (Jun 10)
- RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 11)
- RE: Routing Insecurity (Re: BGP in the Washington Post) David Mandelberg (Jun 11)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Christopher Morrow (Jun 11)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Sandra Murphy (Jun 10)
- RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 11)
- Re: Routing Insecurity (Re: BGP in the Washington Post) David Mandelberg (Jun 04)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Mark Andrews (Jun 02)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Danny McPherson (Jun 03)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Roland Dobbins (Jun 01)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Mark Tinka (Jun 01)
- Re: BGP in the Washngton Post Mark Andrews (Jun 02)