Re: [RRG] Tunnel fragmentation/reassembly for RRG map-and-encaps architectures

[sandy@tislabs.com (Sandy Murphy)]

>Considering the BGP+TCP-MD5 is considered 'secure enough' by the  
>people around these days, while it is in truth about as secure as  
>sending data in envelopes made of clear plastic, I don't think this  
>system needs to be more ambitious if it means orders of magnitude  
>worse performance.

I lurk here occasionally, but I had to chime in on this one.

TCP MD5 protects the links between routers.  It does nothing at all,
de nada, zero, zip, about protecting what the routers
say.  (What's more, it is cryptographically unsophisticated and
outmoded.)

There's the SIDR wg looking at providing authentication and authorization
for what the routers say in their BGP updates.

There's the work in TCPM wg looking at a better alternative to TCP MD5.

I don't know which failing of TCP MD5 you mean when you say "about
as secure as sending data in envelopes made of clear plastic".  That
sounds like a reference to a need for confidentiality. Neither SIDR
nor TCPM is looking at needs for confidentiality.

--Sandy

--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg