The MPLS WG Archive

[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index][Thread Index][Author Index][Subject Index]

[Isis-wg] Question on DCC Architecture

From: Randy Bush <rbush@bainbridge.verio.net>
Date: Tue, 19 Dec 2000 18:02:26 -0800
Cc: jharper@cisco.com (John Harper), truskows@cisco.com, Jonathan.Sadler@tellabs.com, james.d.carlson@east.sun.com, azinin@cisco.com, tli@procket.com, echang@pocketmail.com, isis-wg@spider.juniper.net, skatukam@cisco.com, mpls@UU.NET

>> Not true - there are BIG security advantages to not having is-is over ip.
>> It rules out a huge class of spoofing attacks to which OSPF is
>> vulnerable.
> last I checked nobody saw them

i assure you that the ops community, at least the wiser part of it, sees
them.

> And even if, running proper security in your routing protocol is a pretty
> good answer to that ...

except the beast does not exist.  md5 sigs are not considered strong.

randy

Follow-Ups:
- [Isis-wg] Question on DCC Architecture
  - From: Tony Przygienda <prz@net4u.ch>

References:
- [Isis-wg] Question on DCC Architecture
  - From: John Harper <jharper@cisco.com>
- [Isis-wg] Question on DCC Architecture
  - From: Tony Przygienda <prz@net4u.ch>