[c-nsp] BGP MD5 DDOS ?
Dobbins, Roland
rdobbins at arbor.net
Sun Sep 16 11:07:44 EDT 2012
On Sep 16, 2012, at 7:05 PM, Robert E. Seastrom wrote:
> An extra knob, an extra data point to be collected, managed, (and possibly get wrong) as a proxy for "are you sure? [y/N]" is a huge step away from goodness.
Given that the consequences of getting it wrong are just, "Oops, I forgot to configure the MD5 key" vs. the possible consequences of bringing up a new peer without sufficient preparation and safeguards, I'll take the configuration entropy hit every time.
;>
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
More information about the cisco-nsp
mailing list