Re: Winstar says there is no TCP/BGP vulnerability

[Joe Rhett <jrhett () isite net>]

That isn't the point of my post.  Whether or not you think X is a good
idea, having someone technical say "we don't support X currently" does not
mean a host of other things like "we think X is a bad idea" or any other
nonsense like that.

On Tue, Apr 20, 2004 at 08:29:34PM -0700, Michel Py wrote:
> Please forgive me if I'm naive and/or ask a stupid question, but is
> there any reason (besides your platform not supporting it) _not_ to MD5
> your BGP sessions? Geez, on my _home_ router all my v4 BGP sessions are
> MD5ed (v6 not there yet).
>
> Michel.
>
>
> -----Original Message-----
> From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of
> Joe Rhett
> Sent: Tuesday, April 20, 2004 8:07 PM
> To: Rodney Joffe
> Cc: NANOG
> Subject: Re: Winstar says there is no TCP/BGP vulnerability
>
>
> I've left your entire message below so that one can see I've removed
> nothing.  Winstar has made NONE of the statements you are interpreting
> from
> their response.  They have simply stated that they don't support it at
> this
> moment in time.  I'll grant you that they could have answered "when" or
> "why" or "what else".  But they certainly didn't say anything you are 
> suggesting that they have said.
>
> <joke>Should we ever meet, I'll remember to never turn down a beer.
> You might think I'm pro-prohibition or something...</joke>
>
> On Tue, Apr 20, 2004 at 01:44:44PM -0700, Rodney Joffe wrote:
> > Perhaps we are all making too much of this...
> >
> > It appears that Winstar feels that there is no need for MD5
> > authentication of peering sessions. One of our customers has just had
> > the following response from Winstar following a request to implement
> MD5
> > on their OC3 connection to Winstar. My first suggestion is to locate
> > another upstream provider (they have 3 already).
> >
> > However, perhaps someone from Winstar would care to help us all
> > understand what the alternative solution is to securing the session
> via
> > MD5? I would *love* an alternative to the 5 days of work we've just
> gone
> > through.
> >
> > > -----Original Message-----
> > > From: Justin Crawford - NMCW Engineer [mailto:jcrawford () winstar net]
> > > Sent: Tuesday, April 20, 2004 11:13 AM
> > > To: xxxxxx
> > > Subject: Re: *****SPAM***** MD5 implimentation on BGP
> > >
> > > xxxxx,
> > >
> > > Winstar does not currently run MD5 authentication with our peers.
> > >
> > > Thanks
> > >
> > > Justin
> > >
> > > Thank you for your time and business
> > >
> > > Justin Crawford
> > > Winstar NMCW
> > > Ph: 206-xxx.xxxx
> >
> > Has anyone else run in to this with Winstar?
> >
> > -- 
> > Rodney Joffe
> > CenterGate Research Group, LLC.
> > http://www.centergate.com
> > "Technology so advanced, even we don't understand it!"(SM)
>
> -- 
> Joe Rhett                                                      Chief
> Geek
> JRhett () Isite Net                                      Isite Services,
> Inc.

-- 
Joe Rhett                                                      Chief Geek
JRhett () Isite Net                                      Isite Services, Inc.