Re: Last Call: RIP-II Cryptographic Authentication to Proposed
William Allen Simpson <bsimpson@morningstar.com> Thu, 28 September 1995 13:53 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa09410; 28 Sep 95 9:53 EDT
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa09402; 28 Sep 95 9:53 EDT
Received: from ietf.cnri.reston.va.us by CNRI.Reston.VA.US id aa10872; 28 Sep 95 9:53 EDT
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa09377; 28 Sep 95 9:53 EDT
Received: from merit.edu by IETF.CNRI.Reston.VA.US id aa09259; 28 Sep 95 9:44 EDT
Received: from LapTop.Simpson.DialUp.Mich.Net (pm001-05.dialip.mich.net [35.1.48.54]) by merit.edu (8.6.12/merit-2.0) with SMTP id JAA06215 for <ietf@IETF.CNRI.Reston.VA.US>; Thu, 28 Sep 1995 09:49:44 -0400
Date: Thu, 28 Sep 1995 12:30:29 +0000
X-Orig-Sender: ietf-request@IETF.CNRI.Reston.VA.US
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: William Allen Simpson <bsimpson@morningstar.com>
Message-ID: <1576.bsimpson@morningstar.com>
To: ietf@IETF.CNRI.Reston.VA.US
Subject: Re: Last Call: RIP-II Cryptographic Authentication to Proposed
> The IESG has received a request from the RIP Working Group to consider
> "RIP-II Cryptographic Authentication" <draft-ietf-ripv2-md5-01.txt> for
> the status of Proposed Standard.
>
Having gotten a set of Photuris drafts out the door, I now have a small
amount of time to review others while folks are reviewing mine.
I don't understand the need. Why not use AH???
One of the rationales is that SNMP has authentication, but I hear they
are removing it?!? In that case, we shouldn't have a separate one in
RIP, OSPF, et alia.
And, the KeyID is too short to be used with Photuris. (This won't work
with SKIP at all, of course).
The association of a keyID and an interface seems wrong to me. That's
almost Source associated keying, instead of Destination.
Should be restated as keyID and broadcast/multicast destination, which
is associated with a _link_ accessed by a particular interface! (Same
effect, better conceptualization).
And a few grammer and typos on first glance:
connectivity to the neighbor has been lost. Acceptable messages are now
truncated to RIP-II message itself and treated normally.
^^^ the
Hence it is possible to have fairly smooth RIP-II Authentication Key
^^^ comma
The order of sections is unusual. Should be Security Considerations,
References, Acknowledgments, chair, authors. That way, the internal
self-references are in the right order (and that's the order in the
"official" guideline, or it used to be :-)
Actually well-written overall, particularly on key lifetimes. I should
steal some text for Photuris....
Obviously, we need an ICMP message for notification:
In the event that the last key associated with an interface expires, it
is unacceptable to revert to an unauthenticated condition, and not
advisable to disrupt routing. Therefore, the router should send a "last
authentication key expiration" notification to the network manager and
treat the key as having an infinite lifetime until the lifetime is
extended, the key is deleted by network management, or a new key is
configured.
I expect we'll handle that in IPSec. Needed for Photuris, too. (OK,
OK, over the weekend....) You shouldn't publish this without
referencing the actual ICMP message, as it is dependent for correct
operation.
I haven't gotten a rip2 mailing list message since '92, and didn't know
you were working on this. Hopefully, the authors can forward discussion
to the list where they discussed this.
My conclusion is I oppose this going forward, instead of using IPSec.
Sorry (the authors being freinds of mine).
Bill.Simpson@um.cc.umich.edu
Key fingerprint = 2E 07 23 03 C5 62 70 D3 59 B1 4F 5E 1D C2 C1 A2
- Re: Last Call: RIP-II Cryptographic Authenticatio… William Allen Simpson