Once upon a time, Keith Medcalf <kmedcalf@dessus.com> said:
I believe that an endpoint (let's call it Alice) can connect to another endpoint (let's call it Bob) and Alice can say to Bob, "Hello Dude, let's negotiate a secret key between us". "Yokkely dokelly", says Bob, "Let's do that". They then exchange some stuff to and fro and then Alice says "Righty then, let's encrypt!" and Bob says, "Yabba Doodle Doo".
At this point further communications are encrypted and secure against eavesdropping. Alice still has no idea who she is talking to (other than it is the dude that picked up the phone), and Bob has no idea who he is talking to other than the fact it is whoever rang him up.
But if Alice and Bob don't know that they're talking to each other, they could already be being eavesdropped on. Chuck could have answered Alice's call, turned around and called Bob, connected the two, and be listening in (and potentially even modifying communications between Alice and Bob). This is why encryption without some type of endpoint authentication is not secure. I could see BGP over TLS requiring each end sharing a CA public cert in advance - this would allow each end to re-gen keys at will. The BGP config could easily limit a particular peer to a particular CA (so when I peer with Google, they send me or otherwise publish their BGP CA, and I limit my Google peers to that CA). This could replace trying to securely share MD5 keys today - a BGP CA could be published (possibly even at RIRs).

--
Chris Adams <cma@cmadams.net>
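The "Chuck answers the call" scenario above, as an added toy simulation that is not part of the thread: an unauthenticated Diffie-Hellman exchange is relayed by Chuck, who ends up holding one session key with Alice and another with Bob, while the same relay fails once Bob's handshake value is signed with an identity key Alice already trusts (standing in for the CA-issued certificate the reply suggests). The group parameters, the identity key and the HMAC-based "signature" are all constructed for illustration; only Bob is authenticated here, whereas a BGP peering would authenticate both ends.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters, constructed for illustration only.
P = 2**127 - 1   # a Mersenne prime; real deployments use standardised groups
G = 3

# Bob's long-term identity secret and the verification copy Alice holds in
# advance (stand-in for a CA-signed certificate; constructed, not real keys).
BOB_IDENTITY_KEY = b"bob-identity-key (constructed)"
ALICE_TRUSTS_BOB = BOB_IDENTITY_KEY

def dh_private():
    return secrets.randbelow(P - 2) + 1

def dh_public(priv):
    return pow(G, priv, P)

def dh_session_key(priv, peer_public):
    shared = pow(peer_public, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()

def sign(identity_key, public):
    # Stand-in for a signature over the handshake value (HMAC keeps the
    # example dependency-free; a real handshake would use a certificate).
    return hmac.new(identity_key, public.to_bytes(16, "big"), "sha256").digest()

def chuck_in_the_middle(alice_public, bob_public, bob_sig):
    """Chuck answers Alice's call, calls Bob, and swaps in his own DH value."""
    c = dh_private()
    chuck_public = dh_public(c)
    chuck_keys = (dh_session_key(c, alice_public), dh_session_key(c, bob_public))
    # Chuck holds no copy of Bob's identity key, so he can only forward Bob's
    # signature unchanged; it was computed over Bob's value, not Chuck's.
    return chuck_public, bob_sig, chuck_public, chuck_keys

def handshake(authenticate, relay=None):
    """Returns (alice_key, bob_key, chuck_keys); alice_key is None if Alice aborts."""
    a, b = dh_private(), dh_private()
    alice_public, bob_public = dh_public(a), dh_public(b)
    bob_sig = sign(BOB_IDENTITY_KEY, bob_public) if authenticate else None
    alice_sees, sig_seen, bob_sees, chuck_keys = bob_public, bob_sig, alice_public, None
    if relay is not None:
        alice_sees, sig_seen, bob_sees, chuck_keys = relay(alice_public, bob_public, bob_sig)
    if authenticate and not hmac.compare_digest(sig_seen, sign(ALICE_TRUSTS_BOB, alice_sees)):
        return None, None, chuck_keys   # Alice: "whoever picked up is not Bob"
    return dh_session_key(a, alice_sees), dh_session_key(b, bob_sees), chuck_keys
```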