On Mon, Apr 26, 2004 at 08:35:51PM -0400, Perry E. Metzger wrote:
>
> christos%zoulas.com@localhost (Christos Zoulas) writes:
> > | > No, it is still useful because some routers will not accept non-md5 sessions.
> > | > So to interoperate properly the minimum we have to do is send md5 packets and
> > | > accept md5 packets.
> > |
> > | i agree with perry. if NetBSD side does not check signature
> > | (in fact, it does not check *the existence* of signature either)
> > | malicious party can throw bogus packets to NetBSD side, and tear down
> > | connection (or whatever).
> >
> > But without it you cannot talk to the routers that only do MD5 in
> > the first place.
>
> Yes, and that's because they're expecting secure links.
>
> This is like saying "the only way I can keep my lights on is to put a
> penny into the fuse box instead of a fuse." The fuse is there to
> protect you from a circuit overload, so using a penny is a bad
> idea. The TCP/MD5 requirement is there to protect your BGP sessions
> from being attacked, so using a fake implementation to get around the
> requirement is also a bad idea.

Note, it's not that bad. We do generate correct signatures. So what we're
doing is authenticating ourselves well to the other side, we just aren't
that particular about their responses.

> > No matter what, the code is a step in the right direction.
>
> Absolutely, and as soon as it actually checks that it is getting
> properly signed packets, there should be no reason not to turn it
> on. Meanwhile, I am not sure we should be telling people to use it.

Did you miss this part of the commit message?

    Committed as-is for further testing between a NetBSD BGP speaker
    (e.g., quagga) and industry-standard BGP speakers (e.g., Cisco,
    Juniper).

Seems rather clear that it's still in the testing stages...

Take care,

Bill
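Added example, not part of the original message and not NetBSD's code: a user-space sketch of the receive-side check the thread says is missing, using the TCP MD5 signature option layout from RFC 2385 (option kind 19, length 18). Function names are hypothetical, and build_segment is a constructed sample sender that exists only so the check has input.

```python
import hashlib
import hmac
import socket
import struct

TCPOPT_MD5SIG, TCPOLEN_MD5SIG = 19, 18  # RFC 2385 option kind and length

def rfc2385_digest(src, dst, segment, key):
    """MD5 over pseudo-header, fixed TCP header (checksum zeroed), data, key."""
    doff = (segment[12] >> 4) * 4
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst)
    pseudo += struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment))
    fixed = segment[:16] + b"\x00\x00" + segment[18:20]
    return hashlib.md5(pseudo + fixed + segment[doff:] + key).digest()

def find_signature(options):
    """Walk the TCP options and return the 16-byte digest, or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP padding
            i += 1
            continue
        if i + 1 >= len(options):
            return None
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return None                    # malformed option
        if kind == TCPOPT_MD5SIG and length == TCPOLEN_MD5SIG:
            return options[i + 2:i + length]
        i += length
    return None

def accept_segment(src, dst, segment, key):
    """Receive-side check: drop if the option is absent or the digest differs."""
    if len(segment) < 20:
        return False
    doff = (segment[12] >> 4) * 4
    if doff < 20 or doff > len(segment):
        return False
    sig = find_signature(segment[20:doff])
    if sig is None:                        # the "existence" check from the thread
        return False
    return hmac.compare_digest(sig, rfc2385_digest(src, dst, segment, key))

def build_segment(src, dst, sport, dport, seq, flags, payload=b"", key=None):
    """Constructed sample sender; adds and fills the option when a key is given."""
    opts = b"\x01\x01" + bytes([TCPOPT_MD5SIG, TCPOLEN_MD5SIG]) + bytes(16) if key else b""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                      ((20 + len(opts)) // 4) << 4, flags, 1024, 0, 0)
    seg = hdr + opts + payload
    return hdr + opts[:4] + rfc2385_digest(src, dst, seg, key) + payload if key else seg
```

A stack that only signs outbound segments corresponds to calling build_segment with a key but never calling accept_segment on what comes back.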