BGP over TLS

• Previous message (by thread): BGP over TLS
• Next message (by thread): BGP over TLS
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Sent: Tuesday, October 22, 2019 8:26 PM
> To: Keith Medcalf <kmedcalf at dessus.com>
> 
> No,
> 
> 
> > On Oct 22, 2019, at 2:08 PM, Keith Medcalf <kmedcalf at dessus.com>
> wrote:
> >
> > At this point further communications are encrypted and secure against
> eavesdropping.
> 
> The problem isn't the protocol being eavesdropped on. The data is already
> published publicly by many people.
> 
> The problem is one of mutual authentication and authorization of the
> transport.
> 
Yes the information is public but if the routing information exchanged over
a given peering session is tempered with that could potentially cause some
problems right?

But then again, as Jeff mentioned, with GTSM this vector is limited to a
local link between two eBGP speakers (or whole IGP domain for iBGP sessions
but let's leave that one out for now).
So move from bilateral peering over common IX-LAN to direct peering 
Or if a direct link is still not to be trusted do MACSEC.
Then it's all about you and the peer -if he/she screws you over de-peer.

adam

• Previous message (by thread): BGP over TLS
• Next message (by thread): BGP over TLS
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]