On Mon, Apr 04, 2011 at 08:22:42AM -0400, Danny McPherson wrote:
|
| On Apr 4, 2011, at 4:32 AM, Hannes Gredler wrote:
|
| >
| > so my question is: "why do we need to solve the same problem
| > (= protecting message integrity) 2 times in different ways" ?
|
| This new machinery simply introduces object-level integrity functions
| in the application (i.e., BGP), it does nothing to ameliorate attacks
| at lower layers - all those substrate attack vectors (e.g., transport
| connection resets, injection or replay attacks) still exist and
| require controls as well -- else things might break in even uglier ways
| at higher layers.

still that does not answer my question: why do we need to solve the
problem of transport integrity twice (or to play devil's advocate:
shall we encapsulate BGP into SSH up until something better than MD5
is available ;-))

/hannes
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
