On Mon, 3 Jun 2002, Barbara Fraser wrote:
I'm wondering just how many ISPs are using HMAC-MD5 to authenticate IS-IS route advertisements within their ASs, or MD5 on BGP peering sessions? I don't need a real number, just a sense of the community. Is usage increasing? Is it dead? Is it regional? Etc. Any anecdotal info you have is appreciated. I don't need names of ISPs, just whether or not these technologies are being used.
Some ISPs are practically religious about using them, usually the result of a single person at the ISP pushing it. But for the most part it hasn't really taken hold in the professional security consulting field. They are still stuck on stuff like turning off classless (CIDR) IP routing and source routing because the NSA said so. My experience (before this spring) was a handful of ISPs (single digits) regularly used MD5 on their routers for BGP routing. On a case-by-case basis you can get most ISPs to set up MD5 on your particular BGP session, once you find the right engineer. But it was rarely included as part of the default configuration, and therefore rarely done.