Revised MD5 proliferation statistics
scg at gibbard.org
Mon May 10 20:24:08 UTC 2004
Last week I sent out some numbers on MD5 proliferation among Packet
Clearing House's peers, did some speculation about what this meant for the
rest of the Net, and asked for numbers from other sources. At PCH, we had
12% of sessions configured as MD5. We had been responding to requests
from peers, but not making any requests of our own. I speculated that if
this meant 12% of peers were making such requests, and all peers were
complying with the requests, that would mean 22% of peering sessions had
I got responses from six other networks, ranging from one of the
traditional tier 1s with 734 peering sessions to a small ISP with five.
In total, I heard about 1,226 sessions, of which 458, or 37%, had been
configured for MD5.
As expected, there are two very different percentage groups based on
whether the network has been asking their peers to configure MD5. Among
those who have been requesting MD5 from their peers, 49% have been
converted (if I exclude the tier 1, that climbs to 86%). Among those who
haven't been requesting MD5 from their peers, the average MD5
proliferation is 13%.
I'm a little unsure how to interpret the rates for those who have been
requesting that their peers configure MD5, due to a huge spread. The tier
1 who responded had 44% configured. Another response, which couldn't be
included in my averages due to a lack of specific numbers, said 49%. On
the other end of the spectrum were two reports, one from a small ISP that
had gotten four out of five, and one from a larger ISP that had gotten 78
of 90, for 86%. I'm going to stick to my 49% number for now, but I'm
still interested in seeing more data.
To do the same math I did last week, with the revised numbers: If 13% of
peers are making MD5 requests, that should mean MD5 requests have been
made for 24% of peering sessions. If 49% of those requests are being
complied with, that should mean about 12% of peering sessions are now
configured for MD5.
More information about the NANOG