> On Apr 16, 2020, at 9:55 AM, Susan Hares <[email protected]> wrote:
> 
> Joe: 
> 
> I have come to the same conclusion that an open-source TCP-AO is the next
> step for TCP-AO.
> 
> I am still hoping for some fairy dust ... to fix the BGP TCP security problem.
> If you have any ... let me know 


We have a fix for the security problem. What we lack is a fix for the 
freeloader problem. 

Other than declaring TCP MD5 a hazard and actively abandoning it, there’s too 
much of a fallback.

One step might be for the IETF to prohibit support for TCP MD5 in all new work 
- e.g., there’s pending work in TCPM to develop a YANG model that includes MD5 
“for legacy support”, but that only serves to feed the problem. 

But a new solution isn’t going to make freeloading easier.

Joe

_______________________________________________
Taps mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/taps
