BGP over TLS

• Previous message (by thread): BGP over TLS
• Next message (by thread): BGP over TLS
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tuesday, 22 October, 2019 13:26, Jared Mauch <jared at puck.nether.net>
wrote:

>No,

>> On Oct 22, 2019, at 2:08 PM, Keith Medcalf <kmedcalf at dessus.com>
wrote:

>> At this point further communications are encrypted and secure against
>>eavesdropping.

>The problem isn't the protocol being eavesdropped on. The data is
already
>published publicly by many people.

>The problem is one of mutual authentication and authorization of the
>transport.

I see.  It is an AIC problem, not a CIA problem.  TLS in its default
usage is a CIA thing because, well, it was designed to solve CIA
problems where even temporary secrecy is more important than being down
for a week.  As had been pointed out though, TLS does allow for non-CIA
configuration and usage such as by using PSK or fingerprint
authentication.  SSH is also an AIC thing.  It solves the problem by
recording the fingerprint on first connect and alarming if the
fingerprint is not subsequently what was expected.  Cannot TLS be
configured to do the same thing bidirectionally?

-- 
The fact that there's a Highway to Hell but only a Stairway to Heaven
says a lot about anticipated traffic volume.

• Previous message (by thread): BGP over TLS
• Next message (by thread): BGP over TLS
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]