North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Internet failures over the next 3 years - slight tangent

  • From: Andrew Lange
  • Date: Tue Jun 22 19:05:08 1999

On Tue, 22 Jun 1999, Tim Wolfe wrote:
> >    - Critical Internet control software and systems
> I am not a router vendor, but it seems that adding some sort of auth key to
> BGP (similar to the auth system of OSPF) wouldn't be all that difficult. 
> You could specify a key for each peer.

There is already a option in the BGP OPEN message to add authentication on
a BGP session.  However, the RFC doesn't specify an authenitcation method
to use.  Of course securing the level 4 BGP session without securing the
underlying TCP session is a weakness, so there is a proposal to implement
an MD5 TCP authentication method.  Does anyone know the status of this

Andrew Lange
UUNET - Ann Arbor
[email protected]