[e2e] Receiving RST on a MD5 TCP connection.

RJ Atkinson rja at extremenetworks.com
Fri Jul 1 10:12:27 PDT 2005


On Jul 1, 2005, at 12:20, Mitesh Dalal wrote:
> On Thu, 30 Jun 2005, Joe Touch wrote:
>> Another point along these lines - if you had a secure connection with
>> another host, then the host reboots and 'forgets' the security
>> altogether (i.e., doesn't reestablish keys), it shouldn't be able to
>> reset the old connection anyway.
>>
>
> and why would that be, Joe? By saying so you have no love for network
> reliability. Do you know networks can go down if MD5 enabled LDP
> connection cannot recover from this problem and rely on timeouts
> to recover? Do you know the same thing can happen to BGP?
> Security shouldn't come at the cost of reliability!
>
> Mitesh

Mitesh,

     I think the point is that if one wants a reliable network,
one should deploy BGP implementations that will not forget the
security state across a reboot.  Operating with security turned
off is a recipe for intrusions that cause reliability problems
(for reasons explained earlier in this thread).

Cheers,

Ran
rja at extremenetworks.com



