North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: key change for TCP-MD5

  • From: Iljitsch van Beijnum
  • Date: Tue Jun 20 15:32:58 2006

On 20-jun-2006, at 21:12, Bora Akyol wrote:

The draft allows you to have a set of keys in your keychain and
the implementation tries all of them before declaring the segment
as invalid.

No time synchronization required. No BGP message required.
What if we agree to change the key on our BGP session, I add the new key on my side and start sending packets using the new key, while you don't have the new key in your configuration yet?