15 Sep 2004, 8:34 p.m.
On Wed, 15 Sep 2004, Ian Grigg wrote:
> The whole point of the CA model is that there is no prior relationship and that the network is a wild wild west sort of place - both of these assumptions seem to be reversed in the backbone world, no? So one would think that using opportunistic cryptography would be ideal for the BGP world?
If I remember correctly, the TCP MD5 option field was designed for securing BGP traffic, using the shared secret approach. I was also thinking about "borrowing" this feature for things like announcement of additional features, e.g. the possibility of opportunistic encryption, in e.g. the TCP/SYNACK packets. There's space for 16 bytes of magic numbers.
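The option mentioned in the message above is TCP option kind 19 (RFC 2385), whose 16 bytes carry an MD5 digest keyed with the shared secret. The sketch below is an added example, not part of the original message: it locates that option in a segment and checks the digest the way a receiver would. It assumes IPv4, and the addresses, ports, key and payload are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

MD5SIG_KIND, MD5SIG_LEN = 19, 18  # RFC 2385: kind, length, 16-byte digest

def find_md5_option(options):
    """Walk the TCP options area; return the 16 digest bytes or None."""
    i = 0
    while i < len(options) and options[i] != 0:      # 0 = end of option list
        if options[i] == 1:                           # 1 = no-op padding
            i += 1
            continue
        if i + 1 >= len(options) or not 2 <= options[i + 1] <= len(options) - i:
            raise ValueError("malformed TCP option")
        kind, length = options[i], options[i + 1]
        if kind == MD5SIG_KIND:
            if length != MD5SIG_LEN:
                raise ValueError("MD5 option must be 18 bytes")
            return options[i + 2:i + 18]
        i += length
    return None

def rfc2385_digest(src_ip, dst_ip, segment, key):
    """MD5 over pseudo-header, 20-byte header (checksum zeroed), data, key."""
    data_off = (segment[12] >> 4) * 4                 # header length in bytes
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    fixed = segment[:16] + b"\x00\x00" + segment[18:20]   # options are excluded
    return hashlib.md5(pseudo + fixed + segment[data_off:] + key).digest()

def verify_segment(src_ip, dst_ip, segment, key):
    """True only if the segment carries a digest matching the shared key."""
    data_off = (segment[12] >> 4) * 4
    if not 20 <= data_off <= len(segment):
        return False
    carried = find_md5_option(segment[20:data_off])   # None: unsigned segment
    return carried is not None and hmac.compare_digest(
        carried, rfc2385_digest(src_ip, dst_ip, segment, key))

def build_signed_segment(src_ip, dst_ip, payload, key):
    """Constructed sample: segment to port 179 with NOP, NOP, MD5 option."""
    hdr = struct.pack("!HHIIBBHHH", 49152, 179, 1, 1, 10 << 4, 0x18, 4096, 0, 0)
    unsigned = hdr + b"\x01\x01" + bytes([MD5SIG_KIND, MD5SIG_LEN]) + bytes(16) + payload
    digest = rfc2385_digest(src_ip, dst_ip, unsigned, key)  # options not hashed
    return unsigned[:24] + digest + payload
```

Because the digest excludes the options area, the placeholder zeros in `build_signed_segment` can be overwritten with the real digest without changing the value being verified.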