[149074] in North American Network Operators' Group
Re: MD5 considered harmful
daemon@ATHENA.MIT.EDU (Keegan Holley)
Fri Jan 27 18:48:04 2012
In-Reply-To: <CAPWAtbKaSx4zt3ApYW+rMfexhq=YjqvDzenQNxAcjUMwp5j_ug@mail.gmail.com>
From: Keegan Holley <keegan.holley@sungard.com>
Date: Fri, 27 Jan 2012 18:46:41 -0500
To: Jeff Wheeler <jsw@inconcepts.biz>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
2012/1/27 Jeff Wheeler <jsw@inconcepts.biz>:
> On Fri, Jan 27, 2012 at 6:35 PM, Keegan Holley
> <keegan.holley@sungard.com> wrote:
>> realizes that it's ok to let gig-e auto-negotiate. I've never really
>> seen MD5 cause issues.
>
> I have run into plenty of problems caused by MD5-related bugs.
>
> 6500/7600 can still figure the MSS incorrectly when using it. It used
> to be possible for that particular box to send over-sized frames out
> Ethernet ports with MD5 enabled, which of course were likely to be
> dropped by the neighboring router or switching equipment (perhaps even
> carrier Ethernet equipment.) Obviously that can be a chore to
> troubleshoot.
>
> Sometimes we choose to use it. Sometimes we don't.
>
> --
Bugs are a different argument though. If you could call something
harmful because a single vendor codes it wrong there would be far
fewer Windows users in the world. (I know it's Friday, but please no
one change the subject to OS's)