nanog mailing list archives
Re: MD5?
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Fri, 27 Jan 2012 14:59:43 -0500
On Fri, Jan 27, 2012 at 2:51 PM, Seth Mattinen <sethm () rollernet us> wrote:
> On 1/27/12 11:26 AM, Brian Stengel wrote:
>> We have a potential customer that is asking for us to enable MD5 authentication on a TCP connection between two BGP peers? Is this still common practice today? Any potential problems or gotchas to keep in mind?
>
> Sprint requires it to enable remote triggered blackhole.

lots of folks still use it yes. is it helpful? maybe? maybe not? is this peering over a shared media (like a 10base-T hub)? You might point out that you'll be enabling this, then promptly writing the 'secret' on a large whiteboard in your noc... because chances are the config won't include it in rancid and ... you don't have a place to store these securely that's not prone also to outages :( also, customers wander through your NOC, so...