nanog mailing list archives

Re: key change for TCP-MD5


From: Richard A Steenbergen <ras () e-gerbil net>
Date: Sat, 24 Jun 2006 12:08:44 -0400


On Sat, Jun 24, 2006 at 02:51:57AM -0700, Barry Greene (bgreene) wrote:

> At the same time, you are not going to find the SP core swapping out
> their equipment for hardware with crypto chips.  SPs do not seem to want
> to pay for this sort of addition. So even new equipment is not getting
> hardware crypto that can be used.

As with everything else, it needs to actually add useful features that 
make an SP's life easier, not just be another vector for an extra line 
item and a higher total on the router invoice.

> So a BGP IPSEC option has to work with what hardware we've got deployed
> today - not wishing the community would "just upgrade."

SPs don't see any tangible benefit in BGP IPSEC (and legitimately so), so 
this will clearly not be a driving factor for them. I guarantee you if you 
solve a real problem (like say authenticating and managing authorized 
prefix announcements) and make it faster/better because the router has 
hardware crypto available, folks will actually start buying new RPs/etc.

-- 
Richard A Steenbergen <ras () e-gerbil net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

