BGP over TLS
adamv0025 at netconsultings.com
adamv0025 at netconsultings.com
Wed Oct 23 14:42:58 UTC 2019
> Sent: Tuesday, October 22, 2019 8:26 PM
> To: Keith Medcalf <kmedcalf at dessus.com>
>
> No,
>
>
> > On Oct 22, 2019, at 2:08 PM, Keith Medcalf <kmedcalf at dessus.com>
> wrote:
> >
> > At this point further communications are encrypted and secure against
> eavesdropping.
>
> The problem isn't the protocol being eavesdropped on. The data is already
> published publicly by many people.
>
> The problem is one of mutual authentication and authorization of the
> transport.
>
Yes the information is public but if the routing information exchanged over
a given peering session is tempered with that could potentially cause some
problems right?
But then again, as Jeff mentioned, with GTSM this vector is limited to a
local link between two eBGP speakers (or whole IGP domain for iBGP sessions
but let's leave that one out for now).
So move from bilateral peering over common IX-LAN to direct peering
Or if a direct link is still not to be trusted do MACSEC.
Then it's all about you and the peer -if he/she screws you over de-peer.
adam
More information about the NANOG
mailing list