-
-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TCP-AO #630
Comments
TCP-AO needs to be implemented by the TCP stack, so this it not something that Routinator can implement on its own. If the underlying socket library supports TCP-AO, then we are not opposed to supporting it as well. However, I am a bit wary that each OS uses a different mechanism to enable and configure it and this will become a bit of a portability nightmare. That all said, I am not entirely convinced that TCP-AO is the right choice for RTR connections. These connections should only exist within the management network which should be secured against the kind of interference TCP-AO protects against. Inter-site connections, meanwhile, need to be properly secured which would require the use of TLS or SSH. Am I missing something? |
I'm happy to report an initiative has started to (finally) get this work done. The scope of work has been defined (BSD and Linux implementation) and the next step is to secure funding including applying with the RIPE NCC Community Projects Fund. |
@partim As part of the work I'm proposing together with @maelmans et al, I intend to keep the socket layer as common as possible between platforms (Linux, BSD). My proposal specifically includes support for BSD and Linux precisely to avoid portability nightmares. Having said that, if our proposal is accepted, you can expect a patch from me to add support to routinator. :) |
Is routinator planning to support TCP-AO for RTR connections ?
The text was updated successfully, but these errors were encountered: