MD5 considered harmful

Christopher Morrow morrowc.lists at
Fri Jan 27 21:21:49 UTC 2012

On Fri, Jan 27, 2012 at 3:52 PM, Patrick W. Gilmore <patrick at> wrote:
> MD5 on BGP sessions is the canonical example of a cure worse than the disease.  There has been /infinitely/ more downtime caused by MD5 than the mythical attack it protects again.  (This is true because anything times zero is still zero.)

I don't disagree with patrick here... but 'infinitely more', is hard
to measure :) "Most likely there have been far more lengthy outages
due to lost/changed/incorrect key material than were caused by the
problem this is meant to solve for."


> It is

More information about the NANOG mailing list