nanog mailing list archives
Re: BCP38 making it work, solving problems
From: Patrick W Gilmore <patrick () ianai net>
Date: Wed, 20 Oct 2004 02:37:13 -0400
On Oct 19, 2004, at 1:14 PM, JP Velders wrote:
jacking the connection is in a completely different class as someone bombarding you with a bunch of forged BGP packets to close down a session. Without that MD5 checksum you are quite vulnerable to that. I haven't seen a vendor come up with a solution to that, because the problem is on a much more vendor-neutral level...
We haven't talked about this in a few months, so what the hell....Have you actually done the work to see how many packets it takes to shut down a session with and without MD5 enabled? (The question is rhetorical, since your post shows that you have not.)
Back on topic, the MD5 debate is not an exact apples-to-apples comparison of BCP38. Stopping people from shutting down your BGP sessions is not the same as letting your customer hurt me while claiming to be a third party.
Put another way, MD5 on BGP sessions is a personal choice per network. I made my decision. You are welcome and encouraged to make your own. Neither will effect the other, except where our two networks meet. (And then I am positive we can come to some mutual understanding.)
BCP38 is not a personal decision. Not implementing it hurts the whole Internet, not just your little corner.
-- TTFN, patrick
Current thread:
- Re: BCP38 making it work, solving problems, (continued)
- Re: BCP38 making it work, solving problems Steven Champeon (Oct 12)
- Re: BCP38 making it work, solving problems alex (Oct 12)
- Re: BCP38 making it work, solving problems Suresh Ramasubramanian (Oct 12)
- Re: BCP38 making it work, solving problems Steven Champeon (Oct 13)
- Re: BCP38 making it work, solving problems JP Velders (Oct 19)
- Re: BCP38 making it work, solving problems Fred Baker (Oct 19)
- Re: BCP38 making it work, solving problems Randy Bush (Oct 19)
- Re: BCP38 making it work, solving problems JP Velders (Oct 19)
- Re: BCP38 making it work, solving problems David G. Andersen (Oct 19)
- Re: BCP38 making it work, solving problems JP Velders (Oct 19)
- Re: BCP38 making it work, solving problems Patrick W Gilmore (Oct 19)
- Re: BCP38 making it work, solving problems Jon Lewis (Oct 20)
- Re: BCP38 making it work, solving problems Joe Abley (Oct 21)
- Re: BCP38 making it work, solving problems Paul Vixie (Oct 19)
- Re: BCP38 making it work, solving problems JP Velders (Oct 19)
- Re: BCP38 making it work, solving problems Jared Mauch (Oct 19)
- Re: BCP38 making it work, solving problems Mark Andrews (Oct 19)
- Re: BCP38 making it work, solving problems Paul Vixie (Oct 12)
- Re: BCP38 making it work, solving problems Suresh Ramasubramanian (Oct 12)
- Re: BCP38 making it work, solving problems Bora Akyol (Oct 12)
- Re: BCP38 making it work, solving problems Patrick W Gilmore (Oct 12)