[c-nsp] BGP MD5 DDOS ?

Robert E. Seastrom rs at seastrom.com
Tue Sep 18 21:42:27 EDT 2012


"Dobbins, Roland" <rdobbins at arbor.net> writes:

> On Sep 16, 2012, at 7:05 PM, Robert E. Seastrom wrote:
>
>> An extra knob, an extra data point to be collected, managed, (and possibly get wrong) as a proxy for "are you sure? [y/N]" is a huge step away from goodness.
>
> Given that the consequences of getting it wrong are just, "Oops, I
> forgot to configure the MD5 key" vs. the possible consequences of
> bringing up a new peer without sufficient preparation and
> safeguards, I'll take the configuration entropy hit every time.

You forgot the consequences of getting some other element of the
config wrong because you were preoccupied with the MD5 key.

I'll take simplicity every time.

-r


