Routing Insecurity (Re: BGP in the Washington Post)

Randy Bush randy at psg.com
Wed Jun 10 13:31:07 UTC 2015


>> rtfm.  bgpsec key aggregation is at the discretion of the operator.
>> they could use one key to cover 42 ASs.
> 
> I've been reading the presentations and the mailing lists, both of
> which imply you should use one key per router for security reasons.
> I would tend to agree with that assessment, BTW.

folk have different threat models.  yours (and mine) may be
propagation of router compromise.  for others, it might be a subtle
increase in disclosure of router links.  contrary to your original
assertion, the protocol supports both.

randy


