On Dec 20, 2011, at 8:17 PM, Warren Kumari wrote:

> > Unfortunately not all OSs support TCP-AO….

Well then, it seems that, as routers already support SSH it should be simple to wrap a TCP stream, yes?

Unfortunately no -- not all implementations have a simple library type model. Same things for IPSec / TLS, etc.

Given that this would seem to be an underpinning element of a next-generation system aiming to enable more secure routing, we don't have to be fully constrained by what we can cobble together and support in a couple repurposed lab boxes, methinks. If that's indeed the case then perhaps we should consider why routers are establishing persistent transport connections to OSs and can't speak to one another in a secure manner.

-danny