[j-nsp] About Secure Transport for RPKI on JUNOS

Jared Mauch jared at puck.nether.net
Wed Dec 26 16:57:33 EST 2018



> On Dec 26, 2018, at 2:11 PM, sthaug at nethelp.no wrote:
> 
>>>> We are discussing internally what secure transport method to support. I'm
>>>> happy to hear your ideas.
>>> 
>>> 'tcp-ao' - yes... srsly.
>> 
>> Huh? Why? No support on any server OS, AFAIK.  Yes, there were patches
>> for FreeBSD and Linux a few years ago, but I don't think they went
>> anywhere? This will severely limit the usability.
>> 
>> Let's have ssh, and optionally tls. We need something we can run on a
>> server today.  Not 8 year old foilware.
> 
> Now if Juniper could implement TCP-AO and then donate the implementation
> to FreeBSD? :-)

A few of us could do the TCP-AO work in Linux/*BSD but I know which kernel team will reject it as “not implemented by core team” based on my experience.

- Jared


More information about the juniper-nsp mailing list