+1 --- unfortunately for the social engineering on TCP-MD5
Freeloading does not have an impending crisis
requiring a BGP peer to have social distance from a non-secure peer.
(smile)
Sue
-----Original Message-----
From: Joseph Touch [mailto:[email protected]]
Sent: Thursday, April 16, 2020 1:11 PM
To: Susan Hares
Cc: [email protected]; [email protected];
[email protected]; [email protected]
Subject: Re: [Last-Call] [Taps] Opsdir telechat review of
draft-ietf-taps-transport-security-11
> On Apr 16, 2020, at 9:55 AM, Susan Hares <[email protected]> wrote:
>
> Joe:
>
> I have come to the same conclusion that an open-source TCP-AO is the
> next step for TCP-AO.
>
> I am still hoping for some fairy dust ... to fix the BGP TCP security problem.
> If you have any ... let me know
We have a fix for the security problem. What we lack is a fix for the
freeloader problem.
Other than declaring TCP MD5 a hazard and actively abandoning it, there’s too
much of a fallback.
One step might be for the IETF to prohibit support for TCP MD5 in all new work
- e.g., there’s pending work in TCPM to develop a YANG model that includes MD5
“for legacy support”, but that only serves to feed the problem.
But a new solution isn’t going to make freeloading easier.
Joe