+1 --- unfortunately for the social engineering on TCP-MD5 Freeloading does not having impeding crisis requiring BGP peer to have social distance from non-secure peer. (smile) Sue -----Original Message----- From: Joseph Touch [mailto:touch@xxxxxxxxxxxxxx] Sent: Thursday, April 16, 2020 1:11 PM To: Susan Hares Cc: last-call@xxxxxxxx; ops-dir@xxxxxxxx; draft-ietf-taps-transport-security.all@xxxxxxxx; taps@xxxxxxxx Subject: Re: [Last-Call] [Taps] Opsdir telechat review of draft-ietf-taps-transport-security-11 > On Apr 16, 2020, at 9:55 AM, Susan Hares <shares@xxxxxxxx> wrote: > > Joe: > > I have come to the same conclusion that an open-source TCP-AO is the > next step for TCP-AO. > > I still hoping for some fairy dust ... to fix the BGP TCP security problem. > If you have any ... let me know We have a fix for the security problem. What we lack is a fix for the freeloader problem. Other than declaring TCP MD5 a hazard and actively abandoning it, there’s too much of a fallback. One step might be for the IETF to prohibit support for TCP MD5 in all new work - e.g., there’s pending work in TCPM to develop a YANG model that includes MD5 “for legacy support”, but that only serves to feed the problem. But a new solution isn’t going to make freeloading easier. Joe -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call