[104787] in North American Network Operators' Group
Re: IOS Rookit: the sky isn't falling (yet)
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue May 27 13:57:27 2008
To: goemon@anime.net
In-Reply-To: Your message of "Tue, 27 May 2008 10:47:08 PDT."
<Pine.LNX.4.64.0805271046080.24833@sasami.anime.net>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 27 May 2008 13:54:19 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
--==_Exmh_1211910859_3133P
Content-Type: text/plain; charset=us-ascii
On Tue, 27 May 2008 10:47:08 PDT, goemon@anime.net said:
> What you want is cisco hardware that verifies firmware signatures in
> hardware.
Yes, but that requires new hardware. Understanding the security risk in
accepting an unsigned MD5 signature from the same place that you accepted the
file from is a wetware issue.
Granted, at many shops hardware upgrades are easier than wetware upgrades. ;)
--==_Exmh_1211910859_3133P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFIPErLcC3lWbTT17ARAhD5AJ9vAn55GLk1m0Mgv5ZPZfEYL/9BnACggl+d
jlt/u8f687/3vNNZMCCWDdE=
=Fe9/
-----END PGP SIGNATURE-----
--==_Exmh_1211910859_3133P--
