[90908] in North American Network Operators' Group
Re: key change for TCP-MD5
daemon@ATHENA.MIT.EDU (Crist Clark)
Tue Jun 20 15:58:45 2006
Date: Tue, 20 Jun 2006 12:56:36 -0700
From: "Crist Clark" <Crist.Clark@globalstar.com>
To: "Iljitsch van Beijnum" <iljitsch@muada.com>
Cc: "NANOG list" <nanog@merit.edu>
In-Reply-To: <238BBE3B-C2A9-46A8-AA32-90D9086F8A94@muada.com>
Errors-To: owner-nanog@merit.edu
>>> On 6/20/2006 at 12:33 PM, Iljitsch van Beijnum <iljitsch@muada.com> wrote:
> On 20-jun-2006, at 21:23, Randy Bush wrote:
>
>>> What if we agree to change the key on our BGP session, I add the new
>>> key on my side and start sending packets using the new key, while you
>>> don't have the new key in your configuration yet?
>
>> again: try reading the draft
>
> I've read the draft and it "solves" this problem with timing. That's
> insufficient because it requires that both sides do the right thing
> at the right time without any way to verify whether the other side is
> ready. What if one side didn't make the change, or entered the wrong
> key?
Uh, isn't that what this,
"In particular, if a key change has just been
attempted but such segments are not acknowledged, it is reasonable to
fall back to the previous key and issue an alert of some sort."
is for? Automated fallback if a new key doesn't work?
--
Crist J. Clark crist.clark@globalstar.com
Globalstar Communications (408) 933-4387
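
An added illustration, not part of the original message or of the draft under discussion: a small Python model of the fallback behaviour quoted above, run against the two failure cases raised in the thread (the peer never made the change, or entered the wrong key). The keys, the `MAX_UNACKED` threshold, the `rollover` driver and the simplified digest are assumptions made for the example.

```python
import hashlib
import hmac

OLD, NEW, TYPO = b"old-secret", b"new-secret", b"new-secert"  # constructed keys
MAX_UNACKED = 3  # assumption: unacknowledged sends tolerated before fallback


def sign(segment: bytes, key: bytes) -> bytes:
    # Simplified stand-in for the RFC 2385 digest, which also covers the TCP
    # pseudo-header and the fixed TCP header. Here: MD5(segment || key).
    return hashlib.md5(segment + key).digest()


class Receiver:
    """Peer that drops any segment whose digest matches none of its keys."""

    def __init__(self, keys):
        self.keys = list(keys)

    def deliver(self, segment: bytes, digest: bytes) -> bool:
        # True means the segment was accepted and would be acknowledged.
        return any(hmac.compare_digest(sign(segment, k), digest) for k in self.keys)


class Sender:
    def __init__(self, previous: bytes, current: bytes):
        self.previous, self.current = previous, current
        self.alerts = []

    def send(self, peer: Receiver, segment: bytes) -> bytes:
        """Send one segment; return the key that got it acknowledged."""
        for _ in range(MAX_UNACKED):
            if peer.deliver(segment, sign(segment, self.current)):
                return self.current
        # The newly installed key was never acknowledged: revert and alert.
        self.alerts.append("new key unacknowledged; fell back to previous key")
        self.current, self.previous = self.previous, self.current
        if peer.deliver(segment, sign(segment, self.current)):
            return self.current
        raise ConnectionError("peer accepts neither the new nor the previous key")


def rollover(peer_keys):
    """Hypothetical driver: local side has just switched from OLD to NEW."""
    sender = Sender(previous=OLD, current=NEW)
    key = sender.send(Receiver(peer_keys), b"BGP KEEPALIVE")  # constructed payload
    return key, sender.alerts
```

In this model the session survives on the previous key only while the peer still has that key configured; `rollover([TYPO])` raises `ConnectionError`.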