>>> - section 9: What's the background to removing the statement
>>> that one of TCP-AO ssh etc SHOULD be used? What is the reality
>>> of deployments here? I assume it is not TCP-AO anyway but does
>>> TLS or SSH get used?
>>
>> TCP-AO never materialized.
>>
>> off-hand, i can not think of a way to measure who is using what, but i
>> have this horrible suspicion it's all "it's all inside our domain of
>> control, so let's just run nekkid."
>
> Yeah that's the concern. If the answer was "seems mostly folks
> use ssh" (or tls, or ipsec, whatever), I'd have asked if we
> could get away with at least a SHOULD-use for that.
>
> Such encouragement would be good IMO, if it's non-fiction.

i hack routers and servers daily to keep from becoming a complete bs artiste. so of course i tried setting up and running each transport. ssh was painful; key-based did not work for many platforms, ... no AO on any platform i could find. no TLS client side support. and there is a special hell where you have to do a device-diverse deployment of ipsec once a day (smb has a student who did a good paper on this).

luckily, ipv6 comes with secure transport built in. oh wait.

i fear we are in yet another case of security software is not easy to use so we shift the blame to the user. we've gotten good at that.

i think that all this is designed to make me happy to go back to hacking on a paper in latex.

randy

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
