nanog mailing list archives
Re: tcp md5 bgp attacks?
From: Randy Bush <randy () psg com>
Date: Tue, 14 Aug 2018 17:12:49 -0700
[ again, thanks for an answer to the question asked ]
anyone using the timed key-chain stuff?I’ve looked at it, hear it works, but not been willing to take the hit for any transition.
and i am not sure it meets my needs. i am not seeking privacy or pfs. i want roll-if-compromise. (and no, i do not want automated compromise heuristics, a recipe for death).
we need something that’s stable enough to last 5-7 years, which is very different from a HTTP transaction that may live only a few seconds.
something such as, or close to, rfc 4808? randy
Current thread:
- Re: tcp md5 bgp attacks?, (continued)
- Re: tcp md5 bgp attacks? Roland Dobbins (Aug 14)
- Re: tcp md5 bgp attacks? Randy Bush (Aug 15)
- Re: tcp md5 bgp attacks? joel jaeggli (Aug 14)
- Re: tcp md5 bgp attacks? Niels Bakker (Aug 19)
- RE: tcp md5 bgp attacks? Lotia, Pratik M (Aug 15)
- Re: tcp md5 bgp attacks? Garrett Skjelstad (Aug 20)
- Re: tcp md5 bgp attacks? lobna gouda (Aug 15)
- Re: tcp md5 bgp attacks? John Kristoff (Aug 14)
- Re: tcp md5 bgp attacks? Randy Bush (Aug 14)
- Re: tcp md5 bgp attacks? Jared Mauch (Aug 14)
- Re: tcp md5 bgp attacks? Randy Bush (Aug 14)
- Re: tcp md5 bgp attacks? Jared Mauch (Aug 14)
- Re: tcp md5 bgp attacks? Randy Bush (Aug 14)
- Re: tcp md5 bgp attacks? Randy Bush (Aug 14)