nanog mailing list archives
Re: key change for TCP-MD5
From: Valdis.Kletnieks () vt edu
Date: Tue, 20 Jun 2006 15:53:51 -0400
On Tue, 20 Jun 2006 21:16:05 +0200, Iljitsch van Beijnum said:
> What if we agree to change the key on our BGP session, I add the new key on my side and start sending packets using the new key, while you don't have the new key in your configuration yet?
How is that *any* different than you sending an e-mail saying "Here's the new key we'll put into production at 3:17:04.97 GMT, hope you're NTP-synced" and not waiting for an ACK from the other end before proceeding? I'd encourage my competitors to design their procedures that way, but it only works for competitors that you aren't either peering or directly transiting with. Otherwise, you're merely handing them a loaded gun to point at your feet...