Internet failures over the next 3 years - slight tangent

Andrew Lange alange at ans.net
Tue Jun 22 23:03:53 UTC 1999



On Tue, 22 Jun 1999, Tim Wolfe wrote:
> >    - Critical Internet control software and systems
> 
> I am not a router vendor, but it seems that adding some sort of auth key to
> BGP (similar to the auth system of OSPF) wouldn't be all that difficult. 
> You could specify a key for each peer.

There is already a option in the BGP OPEN message to add authentication on
a BGP session.  However, the RFC doesn't specify an authenitcation method
to use.  Of course securing the level 4 BGP session without securing the
underlying TCP session is a weakness, so there is a proposal to implement
an MD5 TCP authentication method.  Does anyone know the status of this
proposal?

Andrew
---
Andrew Lange
UUNET - Ann Arbor
alange at ans.net





More information about the NANOG mailing list