Hi, Wes,

On 6/29/2011 9:16 AM, George, Wesley wrote:
> I think we're a little light on text in 7 now that we've added so many
> options. I think it would be helpful to provide some rationale as to why
> AO is preferred over the other methods, why they are considered a
> secondary option, etc. IOW, why *shouldn't* I just keep using TLS or SSH
> transport? Why is AO actually better/eventually
> mandatory to implement? Multiple members of this WG had strong
> opinions, we should be documenting our reasoning. Convince the reader
> that they should be yelling at YFV for AO support...

I agree it would be useful to explain this, e.g., that the reason is that TLS/SSH doesn't protect the transport layer from interruption (even if such interruption is recoverable).

> 7.3 regarding MD5. At the very least, there should be a note that
> TCP-MD5 has been obsoleted by TCP-AO.

Agreed. And that the reason for its use is support for legacy systems where TCP-AO is not yet available, as per the AO RFC.

Joe
_______________________________________________
sidr mailing list
https://www.ietf.org/mailman/listinfo/sidr
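
The point in the reply above, that TLS/SSH does not protect the transport layer from interruption, shown as an added example that is not part of the original thread or of the draft under discussion: a toy receiver that acts on an unauthenticated in-window RST unless segments carry a per-segment MAC in the style of TCP-AO. The segment layout, key, addresses, ports and the simplified MAC input are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

RST = 0x04
KEY = b"constructed-demo-key"   # constructed; stands in for a TCP-AO traffic key

@dataclass
class Segment:
    src: str
    dst: str
    sport: int
    dport: int
    seq: int
    flags: int = 0
    payload: bytes = b""
    mac: bytes = b""            # stands in for the MAC carried in the TCP-AO option

def segment_mac(key: bytes, s: Segment) -> bytes:
    # Simplified MAC input; real TCP-AO also covers the full TCP header and the
    # sequence number extension. HMAC-SHA-1 truncated to 96 bits as in RFC 5926.
    msg = f"{s.src}|{s.dst}|{s.sport}|{s.dport}|{s.seq}|{s.flags}|".encode() + s.payload
    return hmac.new(key, msg, hashlib.sha1).digest()[:12]

def signed(key: bytes, s: Segment) -> Segment:
    s.mac = segment_mac(key, s)
    return s

class Receiver:
    """Toy TCP endpoint; `delivered` is what the TLS/SSH layer above would see."""
    def __init__(self, rcv_nxt, window, ao_key=None):
        self.rcv_nxt, self.window, self.ao_key = rcv_nxt, window, ao_key
        self.state, self.delivered = "ESTABLISHED", b""

    def receive(self, s: Segment) -> str:
        # With AO, authentication happens before any TCP state processing.
        if self.ao_key and not hmac.compare_digest(s.mac, segment_mac(self.ao_key, s)):
            return "dropped"
        if not self.rcv_nxt <= s.seq < self.rcv_nxt + self.window:
            return "out-of-window"
        if s.flags & RST:           # classic in-window RST acceptance
            self.state = "CLOSED"   # the TLS/SSH session above is torn down with it
            return "reset"
        if s.seq != self.rcv_nxt:
            return "queued"
        self.delivered += s.payload
        self.rcv_nxt += len(s.payload)
        return "delivered"

def forged_rst() -> Segment:
    # Constructed segment: correct 4-tuple, in-window sequence number, no key.
    return Segment("192.0.2.1", "192.0.2.2", 50000, 50001, seq=1200, flags=RST)
```

Without `ao_key` the receiver closes on the forged RST even though every application byte would have been protected by TLS or SSH; with it, the segment is discarded before TCP state is touched, and a correctly keyed RST from the real peer is still honoured.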
