> some folks (not me) suggest that ipsec is the way to go here... (bgp I
> mean) I think one point to keep in mind is that tcp-ao has exactly
> zero implementations... while SSH implementations abound.
turns out that
o yfv may have ssh client and server, but they do not have the library
in a form usable by arbitrary apps, e.g. bgp
o no ao impls on unix, slowlaris, linuxes, ...
so i would really love to hear from the security folk if we can do
something like hmac-md5 as the mandatory to implement.
randy
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
