On Sun, 18 Nov 2018 at 12:15, Alfie Pates <alfie@fdx.services> wrote:
> There's a school of thought which suggests MD5 security on single-hop BGP is
> absolute theatre with no security benefit and that MACsec is the route you
> should be taking.

AFAIK there are no known attacks against HMAC-MD5.

eBGP I don't care about. But for iBGP I consider this a problem: someone goes to a random forest where fibre is trenched, digs it up, taps the fibre until the correct fibre+wave is found, then injects a BGP UPDATE to change L3 MPLS VPN labels, and diverts traffic through their device while returning it safely. Seems a quite cheap attack, maybe <5k, and it entirely compromises the MPLS security model.

iBGP MD5 should protect well from this.

Not arguing that MACsec isn't the superior feature, it's just that the cost of MACsec is non-trivial compared to the cost of HMAC-MD5, and it seems HMAC-MD5 is a strong guarantee against certain attacks.

Ideally we'd implement TCP-AO (RFC5925) to replace BGP HMAC-MD5, just to get a derived secret instead of a static one (how many change their MD5 secret periodically?), but it looks like the ship may have sailed on that one.

-- 
++ytti
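The contrast ytti draws above between a static shared secret (the RFC 2385 TCP MD5 signature option) and a per-connection derived traffic key (TCP-AO, RFC 5925, with the RFC 5926 KDF_HMAC_SHA1) is easier to see in code. The following Python model is an added example, not code from this thread or from any router vendor's implementation. Addresses, ports, sequence numbers, secrets and the "UPDATE" payload are constructed sample values, and the header and option layout is reduced to the fields the digest covers, so it demonstrates the construction rather than producing wire-exact segments.

```python
import hashlib
import hmac
import ipaddress
import struct

TCP_PROTO = 6
TCP_HDR_LEN = 20  # fixed TCP header; options are counted separately


def _pseudo_header(src_ip, dst_ip, seg_len):
    # IPv4 pseudo-header as RFC 2385 / RFC 5925 hash it: src, dst, zero, proto, TCP length
    return (ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, TCP_PROTO, seg_len))


def _tcp_header(conn, opt_len):
    # Fixed header with the checksum field zeroed; data offset counts the options
    offset_words = (TCP_HDR_LEN + opt_len) // 4
    return struct.pack("!HHIIBBHHH", conn["sport"], conn["dport"], conn["seq"],
                       conn["ack"], offset_words << 4, 0x18, 0xFFFF, 0, 0)


def rfc2385_signature(conn, payload, secret):
    """RFC 2385 section 2.0: MD5 over pseudo-header, TCP header (options
    excluded, checksum zero), data, then the static shared secret.
    The segment length still counts the 18-byte option plus 2 NOP pad bytes."""
    opt_len = 20
    seg_len = TCP_HDR_LEN + opt_len + len(payload)
    h = hashlib.md5()
    h.update(_pseudo_header(conn["src"], conn["dst"], seg_len))
    h.update(_tcp_header(conn, opt_len))
    h.update(payload)
    h.update(secret)
    return h.digest()  # 16 bytes, carried in TCP option kind 19


def tcp_ao_traffic_key(master_key, conn):
    """RFC 5926 section 3.1.1.1 KDF_HMAC_SHA1:
    HMAC-SHA1(master_key, 0x01 || "TCP-AO" || context || output_length).
    Context (RFC 5925 section 5.2): src IP, dst IP, src port, dst port, src ISN,
    dst ISN, so the traffic key is unique to this connection even with a fixed master key."""
    context = (ipaddress.IPv4Address(conn["src"]).packed
               + ipaddress.IPv4Address(conn["dst"]).packed
               + struct.pack("!HHII", conn["sport"], conn["dport"],
                             conn["src_isn"], conn["dst_isn"]))
    msg = b"\x01" + b"TCP-AO" + context + struct.pack("!H", 160)
    return hmac.new(master_key, msg, hashlib.sha1).digest()  # 20 bytes


def tcp_ao_mac(traffic_key, conn, sne, payload, key_id=1, rnext_key_id=1):
    """RFC 5925 section 5.1 with HMAC-SHA-1-96 (RFC 5926 section 3.2.1):
    MAC over SNE || pseudo-header || TCP header (checksum zero) || options
    (TCP-AO option kind 29 with its MAC field zeroed) || data, truncated to 96 bits."""
    ao_opt_len = 4 + 12  # kind, length, KeyID, RNextKeyID, then a 12-byte MAC
    opt_zeroed = struct.pack("!BBBB", 29, ao_opt_len, key_id, rnext_key_id) + bytes(12)
    seg_len = TCP_HDR_LEN + ao_opt_len + len(payload)
    data = (struct.pack("!I", sne) + _pseudo_header(conn["src"], conn["dst"], seg_len)
            + _tcp_header(conn, ao_opt_len) + opt_zeroed + payload)
    return hmac.new(traffic_key, data, hashlib.sha1).digest()[:12]


def verify(expected, received):
    # Constant-time comparison, as a receiver should do before accepting the segment
    return hmac.compare_digest(expected, received)


def demo():
    """Protect one constructed iBGP segment both ways and check what a receiver rejects."""
    # Constructed sample values: loopbacks, ports, sequence numbers and a fake payload
    conn = {"src": "10.0.0.1", "dst": "10.0.0.2", "sport": 179, "dport": 40000,
            "seq": 0x1000, "ack": 0x2000, "src_isn": 0x0FFF, "dst_isn": 0x1FFF}
    update = b"\xff" * 16 + b"\x00\x17\x02" + b"\x00\x00\x00\x00"  # constructed, not a real UPDATE
    tampered = update[:-4] + b"\x00\x00\x00\x01"  # payload modified in transit

    secret = b"static-md5-secret-set-in-2012"  # the key that nobody rotates
    md5 = rfc2385_signature(conn, update, secret)

    master = b"tcp-ao-master-key-from-mkt"  # MKT master key; traffic keys derive from it
    tk = tcp_ao_traffic_key(master, conn)
    other = dict(conn, src_isn=0x2FFF)  # same peers, new session -> new traffic key
    mac = tcp_ao_mac(tk, conn, sne=0, payload=update)

    return {
        "md5_accepts_original": verify(md5, rfc2385_signature(conn, update, secret)),
        "md5_rejects_tampered": not verify(md5, rfc2385_signature(conn, tampered, secret)),
        "ao_accepts_original": verify(mac, tcp_ao_mac(tk, conn, 0, update)),
        "ao_rejects_tampered": not verify(mac, tcp_ao_mac(tk, conn, 0, tampered)),
        "ao_rejects_mac_from_other_session": not verify(
            mac, tcp_ao_mac(tcp_ao_traffic_key(master, other), other, 0, update)),
        "traffic_keys_differ_per_session": tk != tcp_ao_traffic_key(master, other),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Both schemes reject a modified payload, which is the property that matters for the injected-UPDATE scenario. What the derived key adds is that the value actually applied to each session is bound to that session's addresses, ports and ISNs, so a master key that is never rotated is still not reused verbatim across sessions, and RFC 5925's KeyID/RNextKeyID fields give operators a way to roll the master key without tearing the session down.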