[j-nsp] About Secure Transport for RPKI on JUNOS

Chris Morrow morrowc at ops-netman.net
Wed Dec 26 10:46:01 EST 2018


On Mon, 24 Dec 2018 02:38:35 -0500,
Melchior Aelmans <melchior at aelmans.eu> wrote:
> 
> Hi Chris,
> 
> > On 24 Dec 2018, at 05:11, Chris Morrow <morrowc at ops-netman.net> wrote:
> > 
> > On Sun, 23 Dec 2018 16:15:24 -0500,
> > Melchior Aelmans <melchior at aelmans.eu> wrote:
> >> 
> >> Hi Pyxis,
> >> 
> >>> On Sat, Dec 22, 2018 at 8:58 AM Pyxis LX <pyxislx at gmail.com> wrote:
> >>> 
> >>> Does JUNOS support any secure transports mentioned in RFC6810 for rpki-rtr
> >>> protocol? (SSHv2/IPsec or TLS for rpki-rtr-tls?)
> >>> 
> >> 
> >> We are discussing internally what secure transport method to support. I'm
> >> happy to hear your ideas.
> > 
> > 'tcp-ao' - yes... srsly.
> 
> I'm in favor but why do you think AO is the way to go? It seems SSH
> and TLS have gained more support? Let me know your ideas.

jared/gert covered most of this, but:

I think things like TLS bring along with them certificate management
issues.  Some folk have infrastructure to deal with this, some do not.

SSH is not, often, in the right form for devices to use as a library
versus as 'spin up an ssh connection and tunnel over that' mode.

there's the config management parts jared/gert pointed out as well.

and finally... md5 is dead #sosayssecuritypeople so.. let's do
something to move along AO? I'm not a huge AO fan, but it's 'the only
thing left' in the 'make tcp secure again' space.

thanks!
-chris

