Last week I sent out some numbers on MD5 proliferation among Packet Clearing House's peers, did some speculation about what this meant for the rest of the Net, and asked for numbers from other sources. At PCH, we had 12% of sessions configured as MD5. We had been responding to requests from peers, but not making any requests of our own. I speculated that if this meant 12% of peers were making such requests, and all peers were complying with the requests, that would mean 22% of peering sessions had MD5 configured. I got responses from six other networks, ranging from one of the traditional tier 1s with 734 peering sessions to a small ISP with five. In total, I heard about 1,226 sessions, of which 458, or 37%, had been configured for MD5. As expected, there are two very different percentage groups based on whether the network has been asking their peers to configure MD5. Among those who have been requesting MD5 from their peers, 49% have been converted (if I exclude the tier 1, that climbs to 86%). Among those who haven't been requesting MD5 from their peers, the average MD5 proliferation is 13%. I'm a little unsure how to interpret the rates for those who have been requesting that their peers configure MD5, due to a huge spread. The tier 1 who responded had 44% configured. Another response, which couldn't be included in my averages due to a lack of specific numbers, said 49%. On the other end of the spectrum were two reports, one from a small ISP that had gotten four out of five, and one from a larger ISP that had gotten 78 of 90, for 86%. I'm going to stick to my 49% number for now, but I'm still interested in seeing more data. To do the same math I did last week, with the revised numbers: If 13% of peers are making MD5 requests, that should mean MD5 requests have been made for 24% of peering sessions. If 49% of those requests are being complied with, that should mean about 12% of peering sessions are now configured for MD5. -Steve