I am encouraging my local ISP/consortium (www.oshean.org) to utilize MD5 auth for BGP, but have been unsuccessful so far. The most difficult challenge I face there is convincing people of the "need" with the lack of a published exploit that the MD5 authentication would prevent. So much for best practices. <sigh> -Joshua Wright Team Leader, Networks and Systems Johnson & Wales University Joshua.Wright@jwu.edu pgpkey: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD44B4A73 fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73
-----Original Message----- From: Barbara Fraser [mailto:byfraser@cisco.com] Sent: Monday, June 03, 2002 7:48 PM To: nanog@merit.edu Subject: route authentication
I'm wondering just how many ISPs are using HMAC-MD5 to authenticate IS-IS route advertisements within their ASs, or MD5 on BGP peering sessions? I don't need a real number, just a sense of the community. Is usage increasing? is it dead? is it regional? etc. Any anecdotal info you have is appreciated. I don't need names of ISPs, just whether or not these technologies are being used.
thanks, Barbara Barbara Fraser Consulting Engineer Cisco Systems, Inc. Phone: +1 (408) 525-1735