nanog mailing list archives
RE: BGP over TLS
From: "Keith Medcalf" <kmedcalf () dessus com>
Date: Tue, 22 Oct 2019 16:31:14 -0600
On Tuesday, 22 October, 2019 13:26, Jared Mauch <jared () puck nether net> wrote:
No,
On Oct 22, 2019, at 2:08 PM, Keith Medcalf <kmedcalf () dessus com> wrote:
At this point further communications are encrypted and secure against eavesdropping.
The problem isn't the protocol being eavesdropped on. The data is already published publicly by many people.
The problem is one of mutual authentication and authorization of the transport.
I see. It is an AIC problem, not a CIA problem. TLS in its default usage is a CIA thing because, well, it was designed to solve CIA problems where even temporary secrecy is more important than being down for a week. As had been pointed out though, TLS does allow for non-CIA configuration and usage such as by using PSK or fingerprint authentication. SSH is also an AIC thing. It solves the problem by recording the fingerprint on first connect and alarming if the fingerprint is not subsequently what was expected. Cannot TLS be configured to do the same thing bidirectionally?
--
The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
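The record-on-first-connect, alarm-on-change check described in the message above, sketched for TLS certificates with each end keeping its own store (an added example, not part of the original post or of any BGP implementation). The `PinStore` class, peer names and certificate bytes are hypothetical; in a live session the DER bytes would come from Python's `ssl.SSLSocket.getpeercert(binary_form=True)`, and the listening side has to request a client certificate for the reverse direction to work.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


class PinMismatch(Exception):
    """Peer presented a certificate other than the one recorded for it."""


class PinStore:
    """known_hosts-style store: peer name -> SHA-256 of its DER certificate."""

    def __init__(self, path):
        self.path = Path(path)
        self.pins = json.loads(self.path.read_text()) if self.path.exists() else {}

    def check(self, peer, der_cert):
        """Return 'recorded' on first contact, 'match' afterwards; raise on change."""
        seen = hashlib.sha256(der_cert).hexdigest()
        pinned = self.pins.get(peer)
        if pinned is None:
            # First connect: trust and persist, as SSH does with a new host key.
            self.pins[peer] = seen
            self.path.write_text(json.dumps(self.pins, indent=2))
            return "recorded"
        if not hmac.compare_digest(pinned, seen):
            raise PinMismatch(f"{peer}: pinned {pinned}, presented {seen}")
        return "match"


def demo():
    # Constructed byte strings standing in for DER-encoded certificates.
    cert_a, cert_b, cert_other = b"constructed-A", b"constructed-B", b"constructed-X"
    with tempfile.TemporaryDirectory() as d:
        store_a = PinStore(Path(d) / "a_pins.json")  # kept by router A
        store_b = PinStore(Path(d) / "b_pins.json")  # kept by router B
        out = [store_a.check("router-b", cert_b),    # A pins B
               store_b.check("router-a", cert_a)]    # B pins A
        store_a = PinStore(Path(d) / "a_pins.json")  # reload: pins persist
        out.append(store_a.check("router-b", cert_b))
        try:
            store_a.check("router-b", cert_other)    # different cert, same name
        except PinMismatch:
            out.append("alarm")
    return out


if __name__ == "__main__":
    print(demo())
```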