On Jun 6, 2011, at 10:09 AM, Stephen Farrell wrote: ... > That's why I suggested "MUST implement SSH; SHOULD implement > TCP-AO; MUST prefer TCP-AO if both available"
The penny finally dropped and I realized there is a better reason why SSH isn't desirable, and neither is TLS or any other solution layered on top of TCP: they don't protect the transport. Recall why TCP-MD5 was introduced (from RFC 2385): The primary motivation for this option is to allow BGP to protect itself against the introduction of spoofed TCP segments into the connection stream. Of particular concern are TCP resets. Any protocol layered over TCP can't address this concern. While authentication of peer identity and integrity of the transported data are even more important than transport protection per se for RPKI-RTR, it would seem prudent to assume that any threats that affect BGP may also affect RPKI-RTR. That means protecting the transport from reset attacks, and that means AO, IPSec or MD5. --John _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
