Re: Using AH for Authentication for OSPFv3
Mukesh Gupta <mgupta@iprg.nokia.com> Tue, 14 May 2002 21:23 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g4ELNrL20660; Tue, 14 May 2002 14:23:53 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id QAA01869 Tue, 14 May 2002 16:36:08 -0400 (EDT)
X-mProtect: <200205142044> Nokia Silicon Valley Messaging Protection
Message-ID: <3CE1773D.46A19A6B@iprg.nokia.com>
Date: Tue, 14 May 2002 13:44:45 -0700
From: Mukesh Gupta <mgupta@iprg.nokia.com>
Organization: Nokia IPRG
X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 3.4-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Ramana Yarlagadda <ramana.yarlagadda@analog.com>
CC: ospf@discuss.microsoft.com, ipsec@lists.tislabs.com
Subject: Re: Using AH for Authentication for OSPFv3
References: <4.3.2.7.1.20020514102916.00ae88a0@golf.cpgdesign.analog.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
> IPSec provides security at IP level so the OSPF may not need any special > mechanism to provide security services to OSPF data. All you might need > is to configure a policy. That's right. > >OSPFv3 uses both multicast and unicast packets. Is there any standard > >way of handling these packets using IPsec AH ?? > > > >Is there any standard way of implementing OSPFv3 Authentication using AH > >extension header ?? Is there any vendor out there who has implemented it > >?? > > The RFC2740 clearly says that OSPF is not doing any Authentication part. > For your reference i am copying the RFC... > > Authentication has been removed from the OSPF protocol itself, instead > relying on IPv6's Authentication Header and Encapsulating Security > Payload. I am clear about the part that OSPF is not doing any authentication and IPsec is going to provide the security required. Since OSPF is going to send both unicast and multicast traffic and it is going to be a point to multipoint security, the implementation is little more involved. I was wondering if there is any standard way of taking care of the issues. Is there any vendor out there who has implemented this or planning to implement this in near future ?? regards Mukesh -- ****************************************************************** Often the test of courage is to not to die,but to live. ****************************************************************** Mukesh Gupta Phone: (650) 625-2264 Cell : (650) 868-9111 http://www.iprg.nokia.com/~mgupta ******************************************************************
- Using AH for Authentication for OSPFv3 Mukesh Gupta
- Re: Using AH for Authentication for OSPFv3 Ramana Yarlagadda
- Re: Using AH for Authentication for OSPFv3 Ramana Yarlagadda
- Re: Using AH for Authentication for OSPFv3 Mukesh Gupta