[90886] in North American Network Operators' Group

Re: key change for TCP-MD5

daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Mon Jun 19 13:22:48 2006

In-Reply-To: <17558.55916.201435.306988@roam.psg.com>
Cc: NANOG list <nanog@merit.edu>
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Mon, 19 Jun 2006 19:22:20 +0200
To: Randy Bush <randy@psg.com>
Errors-To: owner-nanog@merit.edu


On 19-jun-2006, at 19:10, Randy Bush wrote:

>>> try reading more carefully

>> Didn't help...

> how sad, as the whole document is about how to usefully be able
> to introduce and roll to new keys without agreeing on a narrow
> time.

Well, as you can tell from my message just now, I don't think going  
from agreeing on a narrow time to agreeing on a wider time is worth  
the trouble, especially since by adding a BGP message it would be  
possible to roll over if and as soon as both sides are ready,  
removing the "wait for some time and then see whether the other end  
really installed the new key" part from the proceedings.
