<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
I do not have much to contribute but this.<br>
<br>
We already have ( choose your poison(s) )<br>
<br>
Dark Fiber + MACsec + BCP38 + ACL + MD5 + MPLS + IRRD + GRE
+ IPsec + yadi yada<br>
<br>
PS: Yup, I have SRX300s doing BGP over NNI -and- a GRE +
IPsec on LTE as a backup.<br>
<br>
What is the real endgame from the people(s) proposing "BGP over
TLS"? It feel like someone is trying to create a job for himself
over a solution in search of a problem.<br>
<pre class="moz-signature" cols="72">-----
Alain Hebert <a class="moz-txt-link-abbreviated" href="mailto:ahebert@pubnix.net">ahebert@pubnix.net</a>
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 <a class="moz-txt-link-freetext" href="http://www.pubnix.net">http://www.pubnix.net</a> Fax: 514-990-9443
</pre>
<div class="moz-cite-prefix">On 2019-10-23 10:42,
<a class="moz-txt-link-abbreviated" href="mailto:adamv0025@netconsultings.com">adamv0025@netconsultings.com</a> wrote:<br>
</div>
<blockquote type="cite"
cite="mid:019a01d589b0$29f4b4d0$7dde1e70$@netconsultings.com">
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Sent: Tuesday, October 22, 2019 8:26 PM
To: Keith Medcalf <a class="moz-txt-link-rfc2396E" href="mailto:kmedcalf@dessus.com"><kmedcalf@dessus.com></a>
No,
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">On Oct 22, 2019, at 2:08 PM, Keith Medcalf <a class="moz-txt-link-rfc2396E" href="mailto:kmedcalf@dessus.com"><kmedcalf@dessus.com></a>
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">
At this point further communications are encrypted and secure against
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">eavesdropping.
The problem isn't the protocol being eavesdropped on. The data is already
published publicly by many people.
The problem is one of mutual authentication and authorization of the
transport.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">Yes the information is public but if the routing information exchanged over
a given peering session is tempered with that could potentially cause some
problems right?
But then again, as Jeff mentioned, with GTSM this vector is limited to a
local link between two eBGP speakers (or whole IGP domain for iBGP sessions
but let's leave that one out for now).
So move from bilateral peering over common IX-LAN to direct peering
Or if a direct link is still not to be trusted do MACSEC.
Then it's all about you and the peer -if he/she screws you over de-peer.
adam
</pre>
</blockquote>
<br>
</body>
</html>