Key Establishment A new key is established on each new connection attempt A matter of intense discussion BAD Present operation uses manual keys – and will still be doing so when TCP-AO is deployed Multiple connections during instability (links/neighbors) might run through the list of configured keys – making a bad situation worse GOOD While common advice is to randomize ports and ISN in the SYN, nothing in TCP at the receiver prevents/prohibits/detects re-use So if keys are not changed for every connection, replay of an old SYN could restart connection or under the wrong conditions abort an existing connection Must deal with operational concerns -- some way to produce “enough” manual keys? |