[j-nsp] About Secure Transport for RPKI on JUNOS

Jared Mauch jared at puck.nether.net
Mon Dec 24 07:16:55 EST 2018



> On Dec 24, 2018, at 2:38 AM, Melchior Aelmans <melchior at aelmans.eu> wrote:
> 
> Hi Chris,
> 
>> On 24 Dec 2018, at 05:11, Chris Morrow <morrowc at ops-netman.net> wrote:
>> 
>> On Sun, 23 Dec 2018 16:15:24 -0500,
>> Melchior Aelmans <melchior at aelmans.eu> wrote:
>>> 
>>> Hi Pyxis,
>>> 
>>>> On Sat, Dec 22, 2018 at 8:58 AM Pyxis LX <pyxislx at gmail.com> wrote:
>>>> 
>>>> Does JUNOS support any secure transports mentioned in RFC6810 for rpki-rtr
>>>> protocol? (SSHv2/IPsec or TLS for rpki-rtr-tls?)
>>>> 
>>> 
>>> We are discussing internally what secure transport method to support. I'm
>>> happy to hear your ideas.
>> 
>> 'tcp-ao' - yes... srsly.
> 
> I'm in favor but why do you think AO is the way to go? It seems SSH and TLS have gained more support? Let me know your ideas.

I’m not in favor of having to do certificate revocation etc. on my routers with TLS.  Key management is also an issue with SSH and the vendors don’t expose these knobs in the regular configuration systems nor provide good tools for interaction with the filesystem.

If you want to tackle those parts as well, then I think TLS/SSH would be ok.

- Jared

