BGP over TLS
> Sent: Tuesday, October 22, 2019 8:26 PM
> To: Keith Medcalf <kmedcalf at dessus.com>
>
> No,
>
>
> > On Oct 22, 2019, at 2:08 PM, Keith Medcalf <kmedcalf at dessus.com> wrote:
> >
> > At this point further communications are encrypted and secure against
> > eavesdropping.
>
> The problem isn't the protocol being eavesdropped on. The data is already
> published publicly by many people.
>
> The problem is one of mutual authentication and authorization of the
> transport.
>
Yes, the information is public, but if the routing information exchanged over
a given peering session is tampered with, that could potentially cause some
problems, right?
But then again, as Jeff mentioned, with GTSM this vector is limited to a
local link between two eBGP speakers (or whole IGP domain for iBGP sessions
but let's leave that one out for now).
So move from bilateral peering over common IX-LAN to direct peering.
Or if a direct link is still not to be trusted, do MACSEC.
Then it's all about you and the peer - if he/she screws you over, de-peer.
adam