Subject: Re: CVS commit: src
To: Christos Zoulas <christos@zoulas.com>
From: Perry E. Metzger <perry@piermont.com>
List: source-changes
Date: 04/26/2004 20:35:51

christos@zoulas.com (Christos Zoulas) writes:
> | > No, it is still useful because some routers will not accept non-md5 sessions.
> | > So to interoperate properly the minimum we have to do is send md5 packets and
> | > accept md5 packets.
> | 
> | 	i agree with perry.  if NetBSD side does not check signature
> | 	(in fact, it does not check *the existence* of signature either)
> | 	malicious party can throw bogus packets to NetBSD side, and tear down
> | 	connection (or whatever).
>
> But without it you cannot talk to the routers that only do MD5 in
> the first place.

Yes, and that's because they're expecting secure links.

This is like saying "the only way I can keep my lights on is to put a
penny into the fuse box instead of a fuse." The fuse is there to
protect you from a circuit overload, so using a penny is a bad
idea. The TCP/MD5 requirement is there to protect your BGP sessions
from being attacked, so using a fake implementation to get around the
requirement is also a bad idea.

> No matter what, the code is a step in the right direction.

Absolutely, and as soon as it actually checks that it is getting
properly signed packets, there should be no reason not to turn it
on. Meanwhile, I am not sure we should be telling people to use it.


-- 
Perry E. Metzger		perry@piermont.com
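
The receive-side check discussed in this thread, sketched as an added example (not code from NetBSD or from any poster here): a segment is dropped unless the TCP MD5 option (kind 19, RFC 2385) is present and its digest matches. Function names, addresses, ports and the key are constructed for illustration, and only IPv4 is handled.

```python
import hashlib
import hmac
import socket
import struct

TCPOPT_MD5SIG = 19  # RFC 2385 option kind; total option length is 18

def find_md5_option(options: bytes):
    """Return the 16-byte digest carried in a TCP options block, or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:            # End of option list
            break
        if kind == 1:            # NOP padding
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2 or i + options[i + 1] > len(options):
            return None          # malformed option list
        length = options[i + 1]
        if kind == TCPOPT_MD5SIG:
            return options[i + 2:i + length] if length == 18 else None
        i += length
    return None

def rfc2385_digest(src: str, dst: str, segment: bytes, key: bytes) -> bytes:
    """MD5 over pseudo-header, TCP header minus options (checksum zeroed), data, key."""
    data_off = (segment[12] >> 4) * 4
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, len(segment))
    fixed_hdr = segment[:16] + b"\x00\x00" + segment[18:20]
    return hashlib.md5(pseudo + fixed_hdr + segment[data_off:] + key).digest()

def accept_segment(src: str, dst: str, segment: bytes, key: bytes) -> bool:
    """Receiver policy: require that the signature exists AND that it verifies."""
    data_off = (segment[12] >> 4) * 4 if len(segment) >= 20 else 0
    if not 20 <= data_off <= len(segment):
        return False
    received = find_md5_option(segment[20:data_off])
    if received is None:
        return False             # unsigned segment: the "existence" check
    return hmac.compare_digest(received, rfc2385_digest(src, dst, segment, key))

def build_segment(src: str, dst: str, payload: bytes, key: bytes) -> bytes:
    """Constructed sample sender: 20-byte header + NOP, NOP + MD5 option."""
    hdr = struct.pack("!HHIIBBHHH", 179, 40000, 1000, 2000, 10 << 4, 0x18, 65535, 0, 0)
    opt = bytes([1, 1, TCPOPT_MD5SIG, 18])
    digest = rfc2385_digest(src, dst, hdr + opt + bytes(16) + payload, key)
    return hdr + opt + digest + payload
```

An implementation that only does what `build_segment` does on output, without the `accept_segment` policy on input, interoperates with MD5-only peers but accepts every case the tests below reject.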