> 1) use md5 (as a MUST, with ssh as a MAY) and rev the doc at a later
> point to say that AO is a MUST and remove md5
> 2) move this doc along the path
> 3) get implementations of the protocol today to start using md5

the base problem is a conflict between having and liking running code and that the transport coverage is not what we would want in the long run.

we now have running code from all major players in the game (junos, ios, and ios/xr) which use cleartext. while this is clearly not desirable, we wanted running code while the ietf did rinse repeat for as long as amused it. and we have cleartext server code on many unix and unix-wannabe platforms.

there is also ssh server code on those platforms. one of the three major vendor platforms is testing ssh now. the others are probably hoping this ssh thing will go away. :)

in 2012, we will probably see AO on most router platforms. this will be driven as much or more by bgp's needs as rpki-rtr's. unfortunately, server implementations are likely to trickle in more slowly.

so, in the long run, we can do the 'right' thing, presuming fashions do not change. but, in the meantime, running code trumps. so the doc will probably stay as it is, most stuff will run over cleartext as ssh will be slowly deploying. next rev, we can go AO as mandatory.

no, i do not like this. but i am running the validation stuff and am not writing code, so i ain't complainin' too much.

randy
