[90996] in North American Network Operators' Group
RE: key change for TCP-MD5
daemon@ATHENA.MIT.EDU (Bora Akyol)
Fri Jun 23 16:36:03 2006
Date: Fri, 23 Jun 2006 13:35:20 -0700
From: "Bora Akyol" <bora@broadcom.com>
To: "Barry Greene (bgreene)" <bgreene@cisco.com>,
"Ross Callon" <rcallon@juniper.net>, nanog@merit.edu
Errors-To: owner-nanog@merit.edu
=20
> -----Original Message-----
> From: Barry Greene (bgreene) [mailto:bgreene@cisco.com]=20
> Sent: Friday, June 23, 2006 11:50 AM
> To: Bora Akyol; Ross Callon; nanog@merit.edu
> Subject: RE: key change for TCP-MD5
>=20
> =20
>=20
> > If DOS is such a large concern, IPSEC to an extent can be used to=20
> > mitigate against it. And IKEv1/v2 with IPSEC is not the horribly=20
> > inefficient mechanism it is made out to be. In practice, it=20
> is quite=20
> > easy to use.
>=20
> IPSEC does nothing to protect a network device from a DOS=20
> attack. You know that.
>=20
Barry
The validity of your statement depends tremendously on how IPSEC is
implemented.
Bora
