Routing Insecurity (Re: BGP in the Washington Post)
Randy Bush
randy at psg.com
Wed Jun 10 13:31:07 UTC 2015
>> rtfm. bgpsec key aggregation is at the descretion of the operator.
>> they could use one key to cover 42 ASs.
>
> I've been reading the presentations and the mailing lists, both of
> which imply you should use one key per router for security reasons.
> I would tend to agree with that assessment, BTW.
folk have different threat models. yours (and mine) may be
propagation of router compromise. for others, it might be a subtle
increase in disclosure of router links. contrary to your original
assertion, the protocol supports both.
randy
More information about the NANOG
mailing list