On Wed, 26 Dec 2018 13:36:49 -0500, Bjørn Mork <bj...@mork.no> wrote:
>
> Chris Morrow <morr...@ops-netman.net> writes:
> > On Sun, 23 Dec 2018 16:15:24 -0500,
> > Melchior Aelmans <melch...@aelmans.eu> wrote:
> >>
> >> Hi Pyxis,
> >>
> >> On Sat, Dec 22, 2018 at 8:58 AM Pyxis LX <pyxi...@gmail.com> wrote:
> >>
> >> > Does JUNOS support any secure transports mentioned in RFC6810 for
> >> > rpki-rtr protocol? (SSHv2/IPsec or TLS for rpki-rtr-tls?)
> >> >
> >>
> >> We are discussing internally what secure transport method to support. I'm
> >> happy to hear your ideas.
> >
> > 'tcp-ao' - yes... srsly.
>
> Huh? Why? No support on any server OS, AFAIK. Yes, there were patches
> for FreeBSD and Linux a few years ago, but I don't think they went
> anywhere? This will severely limit the usability.

there's no support elsewhere because no one that cares (you, me,
network people) can get vendors to deploy AO. There's no support in
network devices because there's no support in linux/etc ... this is a
pretty horrid place to be :(

so, if folk want to put AO into junos for this, we can get it for the
other vendors and for other parts of each vendor's problem-space...
and along the way we'll get it for linux/*bsd (I expect).

> Let's have ssh, and optionally tls. We need something we can run on a
> server today. Not 8 year old foilware.

ssh isn't in the right form on pretty much any vendor's device, so
said the vendor implementers many times during rpki-rtr
development/process. (hannes gredler, jeff haas, several cisco folks
as well).

tls brings with it cert issues.
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp