BGP security in practice

I didn't say that MD5 would solve the configuration problems, but
that the fact that just mis-configuration errors can cause lots of
damage should clue people into the fact that the protocol has
vulnerabilities to deliberate attack.

Every protocol is vulnerable if the principals are mis-configured (i.e. do not
follow the protocol).

The protocol for crossing a busy street at the light involves checking for
the green light before crossing the street. A mis-configured principal checks
the light, ignores red or yellow, and immediately crosses. Does it mean that
the protocol is broken or does it mean that a principal is broken?

Alex

P.S. In this specific case I am strictly looking at "misconfiguration causes
problems" implies brokenness of the protocol.

Yes, but... A protocol in which principal A's misconfiguration can
seriously harm principle B is more broken than one in which it
cannot. That's why the protocol for crossing a busy street includes
"In addition to the light status, look for actual moving vehicles."
That way, you don't get run over by someone else's misconfiguration.

Time for a new metaphor, methinks.

There's one. Defensive networking

--vadim