>> i have always been fond of rfc 4808 and not the unnecessarily complex >> alternatives such as tcp-ao. > sure... but to do this you have to be able to program the keys from > the platform the SFP is plugged into.. .not via the sfp itself > (outside the chassis)
i was advocating the general method, prepping key roll, not the particular use in md5 tcp randy
