[81685] in North American Network Operators' Group
Re: md5 for bgp tcp sessions
daemon@ATHENA.MIT.EDU (Todd Underwood)
Thu Jun 23 10:28:14 2005
Date: Thu, 23 Jun 2005 10:27:49 -0400
From: Todd Underwood <todd@renesys.com>
To: "Hannigan, Martin" <hannigan@verisign.com>
Cc: Richard A Steenbergen <ras@e-gerbil.net>, nanog@merit.edu
In-Reply-To: <A206819EF47CBE4F84B5CB4A303CEB7A5215AF@dul1wnexmb01.vcorp.ad.vrsn.com>
Errors-To: owner-nanog@merit.edu

marty,

On Thu, Jun 23, 2005 at 10:22:07AM -0400, Hannigan, Martin wrote:
> > rolling out magic code because your
> > vendor tells you to is a bad idea;
>
> That's mostly the result of the calamitous failure in vulnerability
> release methodology, not Operator stupidity.

totally agreed. vendors c, j and several others should be *ashamed*
of the way that they handled and continue to handle this issue: they
have yet to admit that they raised a panic (in secret, with no facts,
so that they could not be refuted) over a basic fact of the way tcp
works, creating outages and instability to fix a non-problem.
operators in those circumstances had little choice but to roll out
"critical security fixes", but i think we all deserve an apology, an
explanation and a commitment to do better in the future.

t

--
_____________________________________________________________________
todd underwood
director of operations & security
renesys - interdomain intelligence
todd@renesys.com www.renesys.com