[j-nsp] About Secure Transport for RPKI on JUNOS
Jared Mauch
jared at puck.nether.net
Wed Dec 26 16:57:33 EST 2018
> On Dec 26, 2018, at 2:11 PM, sthaug at nethelp.no wrote:
>
>>>> We are discussing internally what secure transport method to support. I'm
>>>> happy to hear your ideas.
>>>
>>> 'tcp-ao' - yes... srsly.
>>
>> Huh? Why? No support on any server OS, AFAIK. Yes, there were patches
>> for FreeBSD and Linux a few years ago, but I don't think they went
>> anywhere? This will severely limit the usability.
>>
>> Let's have ssh, and optionally tls. We need something we can run on a
>> server today. Not 8 year old foilware.
>
> Now if Juniper could implement TCP-AO and then donate the implementation
> to FreeBSD? :-)
A few of us could do the TCP-AO work in Linux/*BSD but I know which kernel team will reject it as “not implemented by core team” based on my experience.
- Jared
More information about the juniper-nsp
mailing list