> FYI: As far as I can tell, OSPF is using manual key management for case we
> are talking about

1. we actively discourage anyone from doing manual keying... since around 20 years ago.
   OSPF w/manually keyed IPsec would instantly fail a SecDIR review if published today.

2. so... manually keyed AH for OSPF ==> essentially nobody is going to do this.
   You have to rekey it every ~2^31 packets (or sooner).
   (Maybe some military with grunts to do the rekeying from a console. We heard about this kind of thing for MACsec, but at least, they were providing authentication material for an AKE)

--
Michael Richardson <[email protected]>   . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
Int-area mailing list -- [email protected]
To unsubscribe send an email to [email protected]
