tcp md5 bgp attacks?

Randy Bush randy at
Wed Aug 15 00:12:49 UTC 2018

[ again, thanks for an answer to the question asked ]

>> anyone using the timed key-chain stuff?
> I’ve looked at it, hear it works, but not been willing to take the hit
> for any transition.

and i am not sure it meets my needs.  i am not seeking privacy or pfs.
i want roll-if-compromise. (and no, i do not want automated compromise
heuristics, a recipe for death).

> we need something that’s stable enough to last 5-7 years, which is
> very different from a HTTP transaction that may live only a few
> seconds.

something such as, or close to, rfc 4808?

