Subject: Re: RFC2385 - pretty please?
To: E.B. Dreger <eddy+public+spam@noc.everquick.net>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-net
Date: 04/21/2004 09:46:30
In message <Pine.LNX.4.44.0404210721250.3626-100000@a.mx.ict1.everquick.net>, "E.B. Dreger" writes:
>JR> Date: Tue, 20 Apr 2004 16:59:02 -0700
>JR> From: Jeff Rizzo
>
>
>JR> So, last summer (Late May) there was some discussion about
>JR> RFC 2385 support ("Protection of BGP Sessions via the TCP MD5
>JR> Signature") which had been written but not committed due to
>JR> lack of time on the part of the developer(s) who had written
>JR> it.  Is there someone I can buy a beer or two to persuade to
>JR> revisit this?  :)  It would be nice to be able to continue to
>JR> use NetBSD for BGP applications now that many peers are
>JR> demanding MD5 session authentication...
>
>TTL 255 hack is even easier and has a lower CPU cost.

Yes, but it doesn't help at all at LAN-based interconnects, and it's 
not that much help for iBGP where sessions are often multi-hop.

		--Steve Bellovin, http://www.research.att.com/~smb
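
Added example, not part of the original message and not NetBSD code: a receiver-side model of the two checks compared in this thread, the TTL 255 test and the RFC 2385 digest (MD5 over the pseudo-header, the fixed TCP header with a zeroed checksum, the segment data, then the key). Addresses, ports, keys and function names are constructed for illustration, the TCP checksum is left at zero, and the MD5 option is assumed to be the first option in the header.

```python
import hashlib
import hmac
import socket
import struct


def rfc2385_digest(src_ip, dst_ip, tcp_header, payload, key):
    """RFC 2385 digest; TCP options are excluded from the hashed header."""
    fixed = bytearray(tcp_header[:20])
    fixed[16:18] = b"\x00\x00"                  # checksum is treated as zero
    seg_len = len(tcp_header) + len(payload)    # header + options + data
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    return hashlib.md5(pseudo + bytes(fixed) + payload + key).digest()


def sign_segment(src_ip, dst_ip, sport, dport, seq, payload, key):
    """Build a constructed 40-byte TCP header carrying option kind 19."""
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                        10 << 4, 0x18, 65535, 0, 0)  # data offset = 10 words
    digest = rfc2385_digest(src_ip, dst_ip, fixed + bytes(20), payload, key)
    return fixed + bytes([19, 18]) + digest + b"\x01\x01"  # two NOPs as padding


def accept(src_ip, dst_ip, ip_ttl, tcp_header, payload, key, min_ttl=255):
    """Return (ttl_ok, md5_ok) for one received segment."""
    ttl_ok = ip_ttl >= min_ttl
    opt = tcp_header[20:]
    md5_ok = False
    if len(opt) >= 18 and opt[0] == 19 and opt[1] == 18:
        expected = rfc2385_digest(src_ip, dst_ip, tcp_header, payload, key)
        md5_ok = hmac.compare_digest(opt[2:18], expected)
    return ttl_ok, md5_ok


def demo():
    key = b"constructed-shared-secret"
    a, b = "192.0.2.1", "192.0.2.2"            # constructed peers on one LAN
    data = b"\xff" * 16 + b"\x00\x13\x04"      # constructed BGP KEEPALIVE
    good = sign_segment(a, b, 179, 40000, 1000, data, key)
    forged = sign_segment(a, b, 179, 40000, 1000, data, b"wrong-guess")
    return {
        # Genuine peer, directly connected: both checks pass.
        "peer": accept(a, b, 255, good, data, key),
        # Spoofed source from a host on the same LAN: TTL is still 255.
        "same_lan_spoof": accept(a, b, 255, forged, data, key),
        # Multi-hop session that must tolerate 2 hops: TTL floor is 253.
        "multihop_spoof": accept(a, b, 253, forged, data, key, min_ttl=253),
    }
```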