Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: key change for TCP-MD5

  • From: Valdis.Kletnieks
  • Date: Tue Jun 20 16:06:25 2006

On Tue, 20 Jun 2006 21:16:05 +0200, Iljitsch van Beijnum said:

> What if we agree to change the key on our BGP session, I add the new  
> key on my side and start sending packets using the new key, while you  
> don't have the new key in your configuration yet?

How is that *any* different than you sending an e-mail saying "Here's the new
key we'll put into production at 3:17:04.97 GMT, hope you're NTP-synced" and
not waiting for an ACK from the other end before proceeding?

I'd encourage my competitors to design their procedures that way, but it only
works for competitors that you aren't either peering or directly transiting
with.  Otherwise, you're merely handing them a loaded gun to point at your
feet...



Attachment: pgp00011.pgp
Description: PGP signature




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.