So write a draft and get buy-in from the implementers.  Better yet, get them to write the update.

Eliot

On 05.01.2026 02:08, Michael Richardson wrote:
FYI:  As far as I can tell, OSPF is using manual key management for the case
we are talking about.
1. we actively discourage anyone from doing manual keying... since around
    20 years ago.   OSPF w/manually keyed IPsec would instantly fail a SecDIR
    review if published today.

2. so... manually keyed AH for OSPF ==> essentially nobody is going to do this.
    You have to rekey it every ~2^31 packets (or sooner).
    (Maybe some military with grunts to do the rekeying from a console. We
    heard about this kind of thing for MACsec, but at least, they were
    providing authentication material for an AKE)


--
Michael Richardson<[email protected]>   . o O ( IPv6 IøT consulting )
            Sandelman Software Works Inc, Ottawa and Worldwide





--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
List Info:https://mailman3.ietf.org/mailman3/lists/[email protected]/
--------------------------------------------------------------------

_______________________________________________
Int-area mailing list -- [email protected]
To unsubscribe send an email to [email protected]