On Mon, 24 Dec 2018 02:38:35 -0500, Melchior Aelmans <[email protected]> wrote: > > Hi Chris, > > > Op 24 dec. 2018 om 05:11 heeft Chris Morrow <[email protected]> het > > volgende geschreven: > > > > On Sun, 23 Dec 2018 16:15:24 -0500, > > Melchior Aelmans <[email protected]> wrote: > >> > >> Hi Pyxis, > >> > >>> On Sat, Dec 22, 2018 at 8:58 AM Pyxis LX <[email protected]> wrote: > >>> > >>> Does JUNOS support any secure transports mentioned in RFC6810 for rpki-rtr > >>> protocol? (SSHv2/IPsec or TLS for rpki-rtr-tls?) > >>> > >> > >> We are discussing internally what secure transport method to support. I'm > >> happy to hear your ideas. > > > > 'tcp-ao' - yes... srsly. > > Im in favor but why do you think AO is the way to go? It seems SSH > and TLS have gained more support? Let me know your ideas.
jared/gert covered most of this, but: I think things like TLS bring along with them certificate management issues. Some folk have infrastructure to deal with this, some do not. SSH is not, often, in the right form for devices to use as a library versus as 'spin up an ssh connection and tunnel over that' mode. there's the config management parts jared/gert pointed out as well. and finally... md5 is dead #sosayssecuritypeople so.. let's do something to move along AO? I'm not a huge AO fan, but it's 'the only thing left' in the 'make tcp secure again' space. thanks! -chris _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
