nanog mailing list archives
RE: BGP over TLS
From: "Keith Medcalf" <kmedcalf () dessus com>
Date: Tue, 22 Oct 2019 12:07:46 -0600
TLS in the traditional sense 'requires' that there be an X.509 certificate to use in authenticating (and to some extent authorizing - can you be a CA? sign email? etc...) endpoints, ideally you do 'tls mutual authentication'...
That is incorrect. I believe that an endpoint (let's call it Alice) can connect to another endpoint (let's call it Bob) and Alice can say to Bob, "Hello Dude, let's negotiate a secret key between us". "Yokkely dokelly", says Bob, "Let's do that". They then exchange some stuff to and fro and then Alice says "Righty then, let's encrypt!" and Bob says, "Yabba Doodle Doo". At this point further communications are encrypted and secure against eavesdropping. Alice still has no idea who she is talking to (other than it is the dude that picked up the phone), and Bob has no idea who he is talking to other than the fact it is whoever rang him up.

The Security part in Transport Layer Security is Encryption. Authentication is lathered on top as an afterthought and requires external measures be taken in order to have *any* effect whatsoever.

--
The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
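The exchange described in the message above, as an added example that is not part of the original post: an in-memory Diffie-Hellman key agreement, run first with no authentication and then with an HMAC over the exchanged public values keyed by a pre-shared secret. The toy group, the `Endpoint` class, the `exchange` helper and the pre-shared-key check are assumptions made for illustration and are not how TLS itself is constructed.

```python
import hashlib
import hmac
import secrets

# Toy group constructed for this demonstration: 2**127 - 1 is prime but far
# too small for real use.
P, G = 2**127 - 1, 3

def enc(n):
    return n.to_bytes(16, "big")

class Endpoint:
    def __init__(self, psk=None):
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)
        self.psk = psk  # hypothetical "external measure": secret agreed out of band

    def session_key(self, peer_pub):
        return hashlib.sha256(enc(pow(peer_pub, self.priv, P))).digest()

    def tag(self, initiator_pub, responder_pub):
        # MAC over the public values exactly as this endpoint saw them.
        msg = enc(initiator_pub) + enc(responder_pub)
        return hmac.new(self.psk, msg, hashlib.sha256).digest()

def exchange(alice, bob, to_bob=None, to_alice=None):
    """Run one exchange in memory. to_bob / to_alice are the public values the
    network actually delivers (default: the sender's own value, unmodified)."""
    seen_by_bob = alice.pub if to_bob is None else to_bob
    seen_by_alice = bob.pub if to_alice is None else to_alice
    # keys_match is an outside observer's view; neither endpoint can compute it.
    keys_match = alice.session_key(seen_by_alice) == bob.session_key(seen_by_bob)
    if alice.psk is None or bob.psk is None:
        # Both sides derived a key and have nothing to check it against.
        return {"keys_match": keys_match, "authenticated": None}
    ok = hmac.compare_digest(alice.tag(alice.pub, seen_by_alice),
                             bob.tag(seen_by_bob, bob.pub))
    return {"keys_match": keys_match, "authenticated": ok}

def demo():
    other = Endpoint()  # a third key pair whose public value replaces both in transit
    psk = secrets.token_bytes(32)
    return {
        "plain_honest": exchange(Endpoint(), Endpoint()),
        "plain_swapped": exchange(Endpoint(), Endpoint(), other.pub, other.pub),
        "psk_honest": exchange(Endpoint(psk), Endpoint(psk)),
        "psk_swapped": exchange(Endpoint(psk), Endpoint(psk), other.pub, other.pub),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In the two `plain_*` runs each endpoint ends up holding a session key either way and has no local signal that tells the cases apart; only the runs with the out-of-band secret produce a verdict.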