> Or we should figure out how to make this easy to work. But there's
> also operational consequences like impact on various high availability
> solutions.

and ipsec has the same session problems with HA

>> thanks to browsers, email, and a hoard of other apps, tls is what is
>> deployed and therefore more easily deployable. it ain't perfect, but
>> not much we do is. and it beats the crap outta ipsec, which was <insert
>> sick ietf sec behavior here> and then frozen in time.
>
> One would hope. Mostly, I'd look for stability and low bug counts in a
> layer I'd want to use in code.

> As I said, who's willing to sign your network up to run secured BMP?

as i said, after it shakes out in the lab, definitely. but bmp does not
even shake out yet.

> The routing ecosystem has pushed itself toward goals of zero downtime,
> centralization of resources with the dire consequences when there are
> service interruptions.
>
> Is it any wonder why security, which doesn't offer any immediate
> benefit (again, remember I understand what is Right and Why) and may
> have destabilizing impact is constantly pushed out of the game?

once upon a time the X folk made these arguments, for many values of X,
e.g. http, imap, pop, ...

it's time to grow up. the internet is a very hostile environment.

randy

_______________________________________________
GROW mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/grow
