On Fri, Jun 3, 2011 at 5:33 PM, Uma Chunduri <[email protected]> wrote:
>
> -----Original Message-----
> From: John Scudder [mailto:[email protected]]
> Sent: Friday, June 03, 2011 1:53 PM
> To: Uma Chunduri
> Cc: Christopher Morrow; [email protected]; [email protected]; Sean Turner;
> [email protected]; Rob Austein
> Subject: Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?
>
> On Jun 3, 2011, at 4:23 PM, Uma Chunduri wrote:
>> True, privacy through SSH is overkill but strong AUTH is *critical*, I feel:
>>   - TCP-MD5 should not be considered (as it is anyway deprecated and
>>     it's MD5)
>
> What specifically do you mean by "should not be considered"?
>
> [Uma] I responded in other e-mail. No protection is better than weak
> protection.

to keep the thread clear: "Define Weak"

-chris
<co-chair-bangle-bracelent==on>

>>   - TCP-AO has only slight advantage as it has less overhead than ipsec-AH
>>     even when deployed with manual keys
>>   - but it's better if it is "MUST support authentication of nodes
>>     with TCP-AO or ipsec-AH" because
>
> The drawback of saying "MUST support A or B" is that two implementations may
> be formally compliant yet not interoperable. That would obviously be
> undesirable (to say the least). IMO the spec should pick one mandatory one
> while leaving open the option to support others.
>
> [Uma] True. Then probably TCP-AO. But ipsec-AH can give tough challenge as
> it's relatively old and more readily available than AO (also understood
> better as it is already deployed elsewhere).
> -Uma
>
> --John
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
