What is TCP-AO and why is it preferred over TCP-MD5 in modern deployments?

Master RIPE BGP Security with our comprehensive test. Understand the Border Gateway Protocol, explore multiple choice questions, and get ready for your exam with detailed hints and explanations.

Multiple Choice

What is TCP-AO and why is it preferred over TCP-MD5 in modern deployments?

Explanation:
The main idea is that TCP-AO provides stronger authentication for the TCP session used by BGP and offers better key management, which is why it’s preferred over TCP-MD5 in modern setups. BGP runs over TCP, and protecting that session from tampering or impersonation hinges on strong TCP-level authentication. TCP-MD5 relies on the MD5-based HMAC, which has well-known weaknesses and limited key-management capabilities. TCP-AO introduces modern cryptographic options and more flexible key handling: it supports stronger and multiple algorithms (for example, newer HMAC variants), allows rotating and distributing keys per neighbor, and enables algorithm agility so weak ciphers can be retired over time without breaking sessions. This combination improves security and operational scalability in large networks.

This option is best because TCP-AO brings stronger cryptography and better key management, making it the recommended choice for newer deployments. It’s not limited to IPv6, and it doesn’t replace BGP; it protects the BGP session, not the routing protocol itself.
