Home page logo
/

nanog logo nanog mailing list archives

Re: bgp md5 auth
From: John Kristoff <jtk () depaul edu>
Date: Tue, 18 Sep 2001 11:25:57 -0500


Randy Bush wrote:
boys and girls, some folk with clue are trying to advise you to do
something trivial that might raise the safety level a little.  also,
they may not want to describe why to blatantly.

Since this has been brought up...

We've recently brought up a connection at AADS in July.  Of about 30
peers brought online so far, this is a summary of the responses we've
received when we've asked to implement MD5 authentication.

Two refused.  One simply said they don't support.  The other with
reasoning that it was dumb and unnecessary with point-to-point links
(ATM PVCs).

We had one peer who agreed to use it, but said it was really
unnecessary.  Another agreed to use it, but doesn't like to because
they've found that their peers sometimes forget or lose the passwords. 
Guess who lost the password once already?  :-)

More than a half dozen organizations were doing authentication for the
first time with us.

Two organization said they don't support TCP MD5 authentication, but
they'll do BGP password.  Now when I ask I put a 'aka BGP password' in
parentheses after I use the words 'TCP MD5 authentication'.

Only one organization told me they *prefer* (my emphasis) to do
authentication.

The remaining organizations only do authentication if asked.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]