[24372] in North American Network Operators' Group
Re: Internet failures over the next 3 years - slight tangent
daemon@ATHENA.MIT.EDU (Andrew Lange)
Tue Jun 22 19:05:02 1999
Date: Tue, 22 Jun 1999 23:03:53 +0000 (GMT)
From: Andrew Lange <alange@ans.net>
To: Tim Wolfe <tim@clipper.net>
Cc: Sean Donelan <SEAN@SDG.DRA.COM>, nanog@merit.edu
In-Reply-To: <Pine.LNX.4.02.9906221539240.10520-100000@mailhost.clipper.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, 22 Jun 1999, Tim Wolfe wrote:
> > - Critical Internet control software and systems
>
> I am not a router vendor, but it seems that adding some sort of auth key to
> BGP (similar to the auth system of OSPF) wouldn't be all that difficult.
> You could specify a key for each peer.
There is already an option in the BGP OPEN message to add authentication on
a BGP session. However, the RFC doesn't specify an authentication method
to use. Of course securing the level 4 BGP session without securing the
underlying TCP session is a weakness, so there is a proposal to implement
an MD5 TCP authentication method. Does anyone know the status of this
proposal?
Andrew
---
Andrew Lange
UUNET - Ann Arbor
alange@ans.net
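
The per-segment check that an MD5 TCP authentication method performs, as an added example that is not part of the original message or any vendor's code. It assumes the proposal referred to is the TCP MD5 Signature Option of RFC 2385 over IPv4; the function names, key, addresses and segment are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

MD5SIG_KIND, MD5SIG_LEN = 19, 18  # RFC 2385 option: kind, total length

def digest(src, dst, hdr, data, key):
    """RFC 2385 MD5 over pseudo-header, fixed header (checksum zeroed), data, key."""
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(hdr) + len(data)))
    fixed = hdr[:16] + b"\x00\x00" + hdr[18:20]  # options are excluded
    return hashlib.md5(pseudo + fixed + data + key).digest()

def carried_digest(hdr):
    """Return the 16-byte digest from the header's MD5 option, or None."""
    opts, i = hdr[20:(hdr[12] >> 4) * 4], 0
    while i < len(opts) and opts[i] != 0:      # kind 0 ends the list
        if opts[i] == 1:                       # kind 1 is one-byte padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return None                        # malformed option list
        if opts[i] == MD5SIG_KIND and opts[i + 1] == MD5SIG_LEN:
            return opts[i + 2:i + MD5SIG_LEN]
        i += opts[i + 1]
    return None

def verify(src, dst, hdr, data, key):
    """Accept a segment only if it carries a digest matching our key."""
    got = carried_digest(hdr)
    return got is not None and hmac.compare_digest(got, digest(src, dst, hdr, data, key))

def sign(src, dst, sport, dport, seq, ack, flags, data, key):
    """Build a 40-byte TCP header (constructed test input) carrying the option."""
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 10 << 4, flags, 16384, 0, 0)
    blank = fixed + bytes([1, 1, MD5SIG_KIND, MD5SIG_LEN]) + bytes(16)
    mac = digest(src, dst, blank, data, key)
    return blank[:24] + mac

# Constructed sample: a BGP KEEPALIVE between two documentation addresses.
KEY = b"example-peer-key"
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)
HDR = sign("192.0.2.1", "192.0.2.2", 49152, 179, 1000, 2000, 0x18, KEEPALIVE, KEY)

if __name__ == "__main__":
    print("peer with key:   ", verify("192.0.2.1", "192.0.2.2", HDR, KEEPALIVE, KEY))
    print("wrong key:       ", verify("192.0.2.1", "192.0.2.2", HDR, KEEPALIVE, b"guess"))
    print("spoofed source:  ", verify("192.0.2.9", "192.0.2.2", HDR, KEEPALIVE, KEY))
```

Because the digest covers the addresses, sequence numbers and payload, a segment from a host without the per-peer key is rejected before BGP ever parses it.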