nanog mailing list archives

Re: tcp md5 bgp attacks?

From: Jared Mauch <jared () puck nether net>
Date: Tue, 14 Aug 2018 20:08:47 -0400

On Aug 14, 2018, at 8:04 PM, Randy Bush <randy () psg com> wrote:

follow-on question:

anyone using the timed key-chain stuff?


I’ve looked at it, hear it works, but not been willing to take the hit for any transition.

I talked about some of this and other challenges at SAAG WG at IETF 101.  Transport area has some possible interesting 
things, but similar to what Haas said, TCP-AO isn’t really viable yet, and we need something that’s stable enough to 
last 5-7 years, which is very different from a HTTP transaction that may live only a few seconds.

We have some places where we could transition non-BGP protocols and rotate the key, but last I recall it was only there 
on a single vendor so multi-vendor posed some challenges.

- Jared

Current thread:

Re: tcp md5 bgp attacks?, (continued)
- - Re: tcp md5 bgp attacks? Randy Bush (Aug 14)
    - Re: tcp md5 bgp attacks? Roland Dobbins (Aug 14)
    - Re: tcp md5 bgp attacks? Randy Bush (Aug 15)
    - Re: tcp md5 bgp attacks? joel jaeggli (Aug 14)
    - Re: tcp md5 bgp attacks? Niels Bakker (Aug 19)
- RE: tcp md5 bgp attacks? Lotia, Pratik M (Aug 15)
  - Re: tcp md5 bgp attacks? Garrett Skjelstad (Aug 20)
- Re: tcp md5 bgp attacks? lobna gouda (Aug 15)
- Re: tcp md5 bgp attacks? John Kristoff (Aug 14)
  - Re: tcp md5 bgp attacks? Randy Bush (Aug 14)
    - Re: tcp md5 bgp attacks? Jared Mauch (Aug 14)
    - Re: tcp md5 bgp attacks? Randy Bush (Aug 14)
    - Re: tcp md5 bgp attacks? Jared Mauch (Aug 14)
    - Re: tcp md5 bgp attacks? Randy Bush (Aug 14)