On Tue, Jan 10, 2012 at 09:01:35AM +0100, Borja Marcos wrote:
>
> On Jan 10, 2012, at 12:01 AM, Claudio Jeker wrote:
>
> > Since it is possible to add MD5 for neighbors on config reload and the
> > listening sockets are normally not closed and reopened on config reload it
> > was the easiest to set the MD5 option on all listening sockets no matter
> > what (especially since at that time OpenBSD was the only BSD doing TCP MD5
> > and the always enable was there from the beginning (actually the MD5SUM
> > support was done for/with OpenBGPD).
>
> I see, so then the TCP stack should only set and check MD5 signatures
> provided there's a matching CPD entry. Otherwise, using a random key
> doesn't make sense at all. Right? ;)
>
Yes. A random key never makes sense since TCP MD5 works with a shared secret.

--
:wq Claudio
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
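
The point made in the exchange above, as an added example that is not part of the original thread or of any BSD code: it computes the RFC 2385 TCP MD5 digest and checks it only when a key is configured for the peer. The function names, addresses, ports and key are constructed for illustration, and reporting "unchecked" for a peer without an entry is this example's choice.

```python
import hashlib
import hmac
import os
import socket
import struct

def tcp_md5_digest(src, dst, base_hdr, payload, key):
    """RFC 2385 digest: pseudo-header, 20-byte base TCP header with the
    checksum zeroed (options excluded), segment data, then the shared key."""
    hdr_len = (base_hdr[12] >> 4) * 4            # data offset covers options too
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, hdr_len + len(payload)))
    hdr = base_hdr[:16] + b"\x00\x00" + base_hdr[18:20]
    return hashlib.md5(pseudo + hdr + payload + key).digest()

def check_segment(peer_keys, src, dst, base_hdr, payload, digest):
    """Verify only when a key exists for the peer (assumed policy)."""
    key = peer_keys.get(src)
    if key is None:
        return "unchecked"                       # no entry: nothing to verify against
    expected = tcp_md5_digest(src, dst, base_hdr, payload, key)
    return "valid" if hmac.compare_digest(expected, digest) else "invalid"

def make_header(sport, dport, seq, ack, checksum=0):
    # Data offset 10 words: 20-byte base header + 18-byte MD5 option + 2 pad bytes.
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 10 << 4, 0x18,
                       65535, checksum, 0)

# Constructed sample: a BGP speaker signing one segment with the shared secret.
SRC, DST = "192.0.2.1", "192.0.2.2"
SHARED = b"constructed-shared-secret"
HDR = make_header(40000, 179, 1000, 2000, checksum=0xBEEF)
DATA = b"\xff" * 16 + b"\x00\x13\x04"            # BGP KEEPALIVE
SIG = tcp_md5_digest(SRC, DST, HDR, DATA, SHARED)

def demo():
    return {
        "shared key": check_segment({SRC: SHARED}, SRC, DST, HDR, DATA, SIG),
        "random key": check_segment({SRC: os.urandom(16)}, SRC, DST, HDR, DATA, SIG),
        "no entry": check_segment({}, SRC, DST, HDR, DATA, SIG),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```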