10 Jun 2015, 9:44 a.m.
folk have different threat models. yours (and mine) may be propagation of router compromise. for others, it might be a subtle increase in disclosure of router links. contrary to your original assertion, the protocol supports both.
The increased disclosure is not "subtle." The alternate -- deploying a new key to every eBGP speaker in your network while the security of all your routes is compromised -- isn't so "subtle" either. It's a bad tradeoff in either direction -- typical of solutions that ask the wrong questions in the first place.

Russ