nanog mailing list archives

RE: route authentication

From: Joshua Wright <Joshua.Wright () jwu edu>
Date: Tue, 4 Jun 2002 10:35:40 -0400


I am encouraging my local ISP/consortium (www.oshean.org) to utilize MD5
auth for BGP, but have been unsuccessful so far.  The most difficult
challenge I face there is convincing people of the "need" with the lack of a
published exploit that the MD5 authentication would prevent.

So much for best practices. <sigh>

-Joshua Wright
Team Leader, Networks and Systems
Johnson & Wales University
Joshua.Wright () jwu edu 

pgpkey: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD44B4A73
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73

-----Original Message-----
From: Barbara Fraser [mailto:byfraser () cisco com]
Sent: Monday, June 03, 2002 7:48 PM
To: nanog () merit edu
Subject: route authentication

I'm wondering just how many ISPs are using HMAC-MD5 to 
authenticate IS-IS 
route advertisements within their ASs,  or MD5 on BGP peering 
sessions? I 
don't need a real number, just a sense of the community. Is usage 
increasing? is it dead? is it regional? etc. Any anecdotal 
info you have is 
appreciated. I don't need names of ISPs, just whether or not these 
technologies are being used.

thanks,
Barbara
Barbara Fraser
Consulting Engineer
Cisco Systems, Inc.
Phone: +1 (408) 525-1735

Current thread:

route authentication Barbara Fraser (Jun 03)
- Re: route authentication Sean Donelan (Jun 04)
  - Re: route authentication batz (Jun 04)
    - Re: route authentication Richard A Steenbergen (Jun 04)
    - Re: route authentication Rodney Thayer (Jun 04)
- <Possible follow-ups>
- RE: route authentication Joshua Wright (Jun 04)
  - RE: route authentication batz (Jun 04)
- RE: route authentication Sean Donelan (Jun 04)