Hi Mike, On 28/08/2019 02:51, Michael StJohns wrote: > > I'm wondering if that's more a question of education of the end user > rather than the availability of an implementation. I got curious and > googled TCP-AO implementations and got > > https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/security/b-ncs5500-system-security-cli-reference/b-ncs5500-system-security-cli-reference_chapter_010.html#wp2845038086 > > > and > > https://www.juniper.net/documentation/en_US/junos/topics/topic-map/bgp-authentication.html > > so at least for BGP there appears to be actual shipping code that > includes TCP-AO as one of its security pillars. Yep, IIUC there are some implementations but no real deployment. I think part of that was due to a lack of implementation on some systems, not sure of the details though. And some people were also I think trying to improve that implementation situation, so maybe they've made progress which'd be great. Even so, whenever I've spoken with router people they always seem to consider TCP-AO as mythical security. Cheers, S.
Attachment:
0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
