On Sat, Apr 02, 2011 at 11:22:18AM +0200, Matthias Waehlisch wrote:
| Hi Hannes,
|
| On Fri, 1 Apr 2011, Hannes Gredler wrote:
|
| > so i'd be much more in favour of TCP-AO or even TCP-MD5 (did i mention
| > that i am no security guy ;-)), since those are the standard tools to
| > protect message integrity of the BGP session itself - it's already
| > onboard and does not cause much userspace / userspace transport
| > weirdness since both for linux and BSD it's implemented in the kernel.
| >
|   could you give a reference to both, Linux and BSD, TCP-AO
| implementations?

to my knowledge there are none up to date, however it has to be done at some
point as TCP-MD5 for securing the base BGP session seems to be too weak as well.

so my question is: "why do we need to solve the same problem (= protecting
message integrity) 2 times in different ways" ?

/hannes
