Re: [Last-Call] [Taps] Opsdir telechat review of draft-ietf-taps-transport-security-11

+1 --- unfortunately for the social engineering on TCP-MD5
          Freeloading does not have an impending crisis
          requiring a BGP peer to have social distance from a non-secure peer.
          (smile)

Sue

-----Original Message-----
From: Joseph Touch [mailto:touch@xxxxxxxxxxxxxx] 
Sent: Thursday, April 16, 2020 1:11 PM
To: Susan Hares
Cc: last-call@xxxxxxxx; ops-dir@xxxxxxxx; draft-ietf-taps-transport-security.all@xxxxxxxx; taps@xxxxxxxx
Subject: Re: [Last-Call] [Taps] Opsdir telechat review of draft-ietf-taps-transport-security-11



> On Apr 16, 2020, at 9:55 AM, Susan Hares <shares@xxxxxxxx> wrote:
> 
> Joe: 
> 
> I have come to the same conclusion that an open-source TCP-AO is the 
> next step for TCP-AO.
> 
> I am still hoping for some fairy dust ... to fix the BGP TCP security problem.
> If you have any ... let me know


We have a fix for the security problem. What we lack is a fix for the freeloader problem. 

Other than declaring TCP MD5 a hazard and actively abandoning it, there’s too much of a fallback.

One step might be for the IETF to prohibit support for TCP MD5 in all new work - e.g., there’s pending work in TCPM to develop a YANG model that includes MD5 “for legacy support”, but that only serves to feed the problem. 

But a new solution isn’t going to make freeloading easier.

Joe


-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call



