Re: Last Call: 'Key Change Strategies for TCP-MD5' to Informational RFC (draft-bellovin-keyroll2385)

On 3-Oct-2006, at 14:17, Iljitsch van Beijnum wrote:

Well, my experience is pretty much the opposite: in the commercial ISP world here in Europe, key changes are rare.

ISC has deployed (I think) almost 40 nodes of F now across six continents, and there's peering at pretty much all of those locations. That adds up to a fair number of sessions.

Those who look after those nodes now on a daily basis might report different recent experience, but when I was doing that work I don't believe I ever saw a request from a peer to change a key on a working session.

So, your experience in Europe matches my experience in Europe, Asia, North America, South America, Australasia and Africa.

Having said that, I certainly support the idea that changing keys is a good idea, so long as people continue to use the TCP MD5 option on their BGP sessions. Mechanisms to make it easier to change keys are surely a good idea in that context.

Whether or not the TCP MD5 option is worth using at all is a different question.


Joe
