On Wed, 15 Sep 2004, Ian Grigg wrote:

> The whole point of the CA model is that there is no prior
> relationship and that the network is a wild wild west sort
> of place - both of these assumptions seem to be reversed
> in the backbone world, no? So one would think that using
> opportunistic cryptography would be ideal for the BGP world?

If I remember correctly, the TCP MD5 option field was designed for securing BGP traffic, using the shared secret approach. I was also thinking about "borrowing" this feature for things like announcement of additional features, e.g. the possibility of opportunistic encryption, in e.g. the TCP/SYNACK packets. There's space for 16 bytes of magic numbers.
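
The shared-secret scheme referred to above is the TCP MD5 Signature Option (RFC 2385), whose 16 bytes hold an MD5 digest over the pseudo-header, the fixed TCP header with a zeroed checksum, the segment data and the key. The following is an added example, not part of the original message: Python code that computes and verifies that digest for an IPv4 segment. The addresses, ports, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

TCPOPT_MD5SIG = 19    # option kind assigned by RFC 2385
TCPOLEN_MD5SIG = 18   # kind byte + length byte + 16-byte MD5 digest


def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """Return the 16-byte RFC 2385 digest; TCP options are not hashed."""
    if len(tcp_header) != 20:
        raise ValueError("expected the 20-byte fixed TCP header")
    data_offset = (tcp_header[12] >> 4) * 4   # header length incl. options
    seg_len = data_offset + len(payload)      # TCP length for the pseudo-header
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    zeroed = tcp_header[:16] + b"\x00\x00" + tcp_header[18:]  # checksum = 0
    return hashlib.md5(pseudo + zeroed + payload + key).digest()


def md5_option(digest):
    """Encode the digest as a TCP option (kind 19, length 18)."""
    return struct.pack("!BB", TCPOPT_MD5SIG, TCPOLEN_MD5SIG) + digest


def verify_segment(src_ip, dst_ip, tcp_header, payload, option, key):
    """Receiver side: recompute the digest and compare in constant time."""
    if len(option) != TCPOLEN_MD5SIG or option[:2] != bytes([19, 18]):
        return False
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key)
    return hmac.compare_digest(expected, option[2:])


def sample_segment():
    """Constructed sample: a BGP KEEPALIVE sent to port 179."""
    header = struct.pack("!HHIIBBHHH", 49152, 179, 1000, 2000,
                         10 << 4, 0x18, 65535, 0, 0)  # 40-byte header, PSH|ACK
    keepalive = b"\xff" * 16 + struct.pack("!HB", 19, 4)
    return "192.0.2.1", "192.0.2.2", header, keepalive


if __name__ == "__main__":
    src, dst, hdr, data = sample_segment()
    key = b"constructed-shared-secret"  # constructed key, not a real one
    opt = md5_option(tcp_md5_digest(src, dst, hdr, data, key))
    print(opt.hex(), verify_segment(src, dst, hdr, data, opt, key))
```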