All the multiple keys do is to decrease the cost of the DOS. Yes
let's try to remember that, in reality, this is all about allowing two bgp peers to move to a new key without having the operators on the phone to keep the bgp session from resetting. i.e., o it will be uncommon that there is more than one key active at any one time o it is not expected that there are more than two, current and new (soon to be current and old:-) active at any one time smb is proposing a simple, compatible, unilaterally implementable, and unilaterally deployable hack to solve a real ops problem. the RSs aside, a lot of very big and small networks use tcp/md5 on their bgp sessions, and key roll is a major pita and therefore a serious barrier to good key hygiene. randy