[90900] in North American Network Operators' Group
Re: key change for TCP-MD5
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Tue Jun 20 15:18:57 2006
In-Reply-To: <03235919BBDE634289BB6A0758A20B3669EF7E@NT-SJCA-0751.brcm.ad.broadcom.com>
Cc: NANOG list <nanog@merit.edu>
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Tue, 20 Jun 2006 21:16:05 +0200
To: Bora Akyol <bora@broadcom.com>
Errors-To: owner-nanog@merit.edu

On 20-jun-2006, at 21:12, Bora Akyol wrote:
> The draft allows you to have a set of keys in your keychain and
> the implementation tries all of them before declaring the segment
> as invalid.
> No time synchronization required. No BGP message required.

What if we agree to change the key on our BGP session, I add the new
key on my side and start sending packets using the new key, while you
don't have the new key in your configuration yet?
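
Added example, not part of the original message or of the draft under discussion: a Python sketch of the try-every-key check quoted above, using the RFC 2385 TCP-MD5 digest, run through the rollover ordering asked about in the reply. The addresses, ports, key strings and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

# Constructed sample segment: 192.0.2.1:49152 -> 192.0.2.2:179 carrying a BGP KEEPALIVE.
# Data offset 10 words = 20-byte fixed header + 20 bytes of options (MD5 option, padding).
HDR = struct.pack("!HHIIBBHHH", 49152, 179, 1000, 2000, 10 << 4, 0x18, 16384, 0xBEEF, 0)
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)
SEG = dict(src_ip="192.0.2.1", dst_ip="192.0.2.2", fixed_hdr=HDR, payload=KEEPALIVE)


def tcp_md5_digest(src_ip, dst_ip, fixed_hdr, payload, key):
    """RFC 2385: MD5 over pseudo-header, TCP header without options and with
    the checksum zeroed, segment data, then the shared key."""
    seg_len = (fixed_hdr[12] >> 4) * 4 + len(payload)  # header incl. options + data
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    zeroed = fixed_hdr[:16] + b"\x00\x00" + fixed_hdr[18:20]
    return hashlib.md5(pseudo + zeroed + payload + key).digest()


def verify(received_digest, keychain, **seg):
    """Try every key in the keychain; return the matching key's name,
    or None when no key matches and the segment must be dropped."""
    for name, key in keychain.items():
        if hmac.compare_digest(tcp_md5_digest(key=key, **seg), received_digest):
            return name
    return None


def rollover_demo():
    """One side starts signing with the new key before the peer has it."""
    old, new = b"constructed-old-key", b"constructed-new-key"
    signed_new = tcp_md5_digest(key=new, **SEG)
    signed_old = tcp_md5_digest(key=old, **SEG)
    peer_keychain = {"old": old}
    before = verify(signed_new, peer_keychain, **SEG)  # peer lacks the new key
    peer_keychain["new"] = new                         # peer adds it, keeps the old
    after = verify(signed_new, peer_keychain, **SEG)
    overlap = verify(signed_old, peer_keychain, **SEG)
    return before, after, overlap


if __name__ == "__main__":
    print(rollover_demo())
```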