tcp md5 bgp attacks?
Randy Bush
randy at psg.com
Wed Aug 15 00:12:49 UTC 2018
[ again, thanks for an answer to the question asked ]
>> anyone using the timed key-chain stuff?
>
> I’ve looked at it, hear it works, but not been willing to take the hit
> for any transition.
and i am not sure it meets my needs. i am not seeking privacy or pfs.
i want roll-if-compromise. (and no, i do not want automated compromise
heuristics, a recipe for death).
>
> we need something that’s stable enough to last 5-7 years, which is
> very different from a HTTP transaction that may live only a few
> seconds.
something such as, or close to, rfc 4808?
randy
More information about the NANOG
mailing list