The article linked says no mainstream BGP implementation supports TCP-AO. IOS-XE and IOS-XR support it.
While I do not represent the Cisco view, personally I like the idea of BGP over TLS.

Regards,
Jakob.

-----Original Message-----
Date: Mon, 21 Oct 2019 19:21:03 +1100
From: Julien Goodwin <na...@studio442.com.au>

On 21/10/19 6:30 pm, Bjørn Mork wrote:
> Christopher Morrow <morrowc.li...@gmail.com> writes:
>
>> isn't julien's idea more akin to DOT than DOH ?
>
> Yes, and I really like Julien's proposal. It even looks pretty
> complete. There are just a few details missing around how to make the
> MD5 => TLS transition smooth.

At least for those systems that run on Linux (which is most all of the majors except Juniper) I suspect if we went to the relevant kernel folk with a clear plan on how handling TCP-MD5 in a way that would make transitions much easier they'd listen.

The troll response at the top of my post was actually based on a response from one of the kernel folk, who dislike TCP options even more than network operators.

> Sorry for any confusion caused by an attempt to make a joke on DoH. I
> didn't anticipate the sudden turn to serious discussion :-) Which
> obviously was a good one. I am all for BGP over TLS, so let's discuss
> https://laptop006.livejournal.com/60532.html

If anyone is at all interested in this I'm happy to discuss and flesh out anything that's not clear.

After I wrote this (over a few bottles of red on the flight to linux.conf.au this year) I sent it to a bunch of people that had expressed interest, including a few BGP implementations, but nobody bit.