On Dec 20, 2011, at 8:17 PM, Warren Kumari wrote:

> Unfortunately not all OSs support TCP-AO…. Well then, it seems that, as
> routers already support SSH it should be simple to wrap a TCP stream, yes?
> Unfortunately no -- not all implementations have a simple library type model.
> Same things for IPSec / TLS, etc.

Given that this would seem to be an underpinning element of a next-generation
system aiming to enable more secure routing, we don't have to be fully
constrained by what we can cobble together and support in a couple repurposed
lab boxes, methinks.

If that's indeed the case then perhaps we should consider why routers are
establishing persistent transport connections to OSs and can't speak to one
another in a secure manner.

-danny