nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BGP over TLS (was: Re: "Using Cloud Resources to Dramatically Improve Internet Routing")

From: Brandon Martin <lists.nanog () monmotha net>
Date: Mon, 21 Oct 2019 15:25:28 -0400
On 10/21/19 11:30 AM, Keith Medcalf wrote:

Why cannot one just put the MD5 authenticated connection inside a TLS connection?  What is the advantage to be gained 
by replacing the authentication mechanism with weaker certificate authentication method available with TLS?


Self-issued certificates with either CA pinning or end-certificate hash pinning is arguably more secure than a shared 
passphrase as used by TCP-MD5 in that someone with knowledge of the secrets of one end cannot use it to impersonate the 
other end whereas a shared passphrase is inherently shared and symmetric in that respect.  Whether that really provides 
much value in the context of a BGP session is perhaps questionable.

As has been pointed out elsewhere in the thread, TLS does also support PSK-based authentication and keying rather than 
certificates.  It's not commonly used since the normal uses of TLS are one-server<->many-clients which doesn't lend 
itself well to such things, but it's at least defined.

Wouldn't ipsec be a "cleaner" solution to this (buginess of implementations and difficulty of configuration aside)?  It 
would also solve the TCP-RST injection issues that TCP-MD5 was intended to resolve.  You can use null encryption with 
ESP or even just AH if you want authentication without confidentiality, too.  Or are we all going to admit that ipsec 
is almost dead in that it's just too darned complex?  Just run BGP over TCP as normal and install a security policy 
that says it must use ipsec with appropriate (agreed-upon) authentication.  "Just", right?
-- 
Brandon Martin
Previous By Date Next
Previous By Thread Next

Current thread: