Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication
Hannes Gredler <hannes@juniper.net> Wed, 19 April 2006 20:58 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FWJks-0002cG-GT; Wed, 19 Apr 2006 16:58:30 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FWJkr-0002c6-OT for isis-wg@ietf.org; Wed, 19 Apr 2006 16:58:29 -0400
Received: from stsc1260-eth-s1-s1p1-vip.va.neustar.com ([156.154.16.129] helo=chiedprmail1.ietf.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FWJ37-0005KZ-Kr for isis-wg@ietf.org; Wed, 19 Apr 2006 16:13:17 -0400
Received: from kremlin.juniper.net ([207.17.137.120]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1FWIsP-0000XR-1y for isis-wg@ietf.org; Wed, 19 Apr 2006 16:02:15 -0400
Received: from unknown (HELO beta.jnpr.net) ([172.24.18.109]) by kremlin.juniper.net with ESMTP; 19 Apr 2006 13:02:01 -0700
X-BrightmailFiltered: true
X-Brightmail-Tracker: AAAAAA==
X-IronPort-AV: i="4.04,136,1144047600"; d="scan'208"; a="541036073:sNHT25542824"
Received: from [172.26.200.193] ([172.26.200.193]) by beta.jnpr.net over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Wed, 19 Apr 2006 13:01:59 -0700
Message-ID: <4446972F.6040408@juniper.net>
Date: Wed, 19 Apr 2006 22:01:51 +0200
From: Hannes Gredler <hannes@juniper.net>
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050815)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: tony.li@tony.li
Subject: Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication
References: <006d01c663dd$87e23930$4b7d14ac@tropos.com>
In-Reply-To: <006d01c663dd$87e23930$4b7d14ac@tropos.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 19 Apr 2006 20:01:59.0945 (UTC) FILETIME=[1E5C8790:01C663EC]
X-Spam-Score: -2.6 (--)
X-Scan-Signature: 6e922792024732fb1bb6f346e63517e4
Cc: isis-wg@ietf.org
X-BeenThere: isis-wg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF IS-IS working group <isis-wg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/isis-wg>
List-Post: <mailto:isis-wg@ietf.org>
List-Help: <mailto:isis-wg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=subscribe>
Errors-To: isis-wg-bounces@ietf.org
furthermore, it would be also time to think about authentication-type migration support. i.e. discuss about authentication-type [simple->md5->sha] and key rollover schemes and nail down the necessary behaviour (multiple instances of TLV #10). the prevailing method for both authentication-type and key rollover (= disabling authentication check during the transition window) is not really smooth. /hannes Tony Li wrote: > Sofia, > > While I know of no substantive risks to the use of MD5 today as used in > 3567, history suggests that someday, there will be. Thus, having other > algorithms available is only prudent and I strongly support that goal. > > Regards, > Tony > > >>-----Original Message----- >>From: Sofia Ray [mailto:sofia.ray@lycos.com] >>Sent: Wednesday, April 19, 2006 11:04 AM >>To: isis-wg@ietf.org >>Subject: Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication >> >>Manav, >> >>Whats wrong with the authentication scheme detailed in 3567? >> >>Yours, >>Sofia >> >>----- Original Message ---- >>From: Manav Bhatia <manav_bhatia06@yahoo.co.uk> >>To: isis-wg@ietf.org >>Sent: Wednesday, 19 April, 2006 8:30:00 AM >>Subject: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication >> >> >>Hi, >> >>We have written a draft on extending ISIS to use HMAC-SHA >>authentication. Would appreciate if we can get some feedback >>from the WG. The mechanism proposed in the draft is backward >>compatible and would work with the existing ISIS implementations. >> >>Cheers, >>Manav >> >>----- Forwarded Message ---- >>From: Internet-Drafts@ietf.org >>To: i-d-announce@ietf.org >>Sent: Wednesday, April 19, 2006 4:20:01 AM >>Subject: I-D ACTION:draft-bhatia-manral-isis-hmac-sha-00.txt >> >>A New Internet-Draft is available from the on-line >>Internet-Drafts directories. >> >> Title : IS-IS HMAC SHA Cryptographic Authentication >> Author(s) : M. Bhatia, V. Manral >> Filename : draft-bhatia-manral-isis-hmac-sha-00.txt >> Pages : 8 >> Date : 2006-4-18 >> >>This document proposes an extension to IS-IS [ISO] [RFC1195] >>to allow the use of HMAC SHA authentication algorithm in >>addition to the already documented authentication schemes >>described in the base specification and RFC 3567. >> >>A URL for this Internet-Draft is: >>http://www.ietf.org/internet-drafts/draft-bhatia-manral-isis-h >>mac-sha-00.txt >> >> >> >>-- >>_______________________________________________ >> >>Search for businesses by name, location, or phone number. >>-Lycos Yellow Pages >> >>http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.c >>om/default.asp?SRC=lycos10 >> >> >>_______________________________________________ >>Isis-wg mailing list >>Isis-wg@ietf.org >>https://www1.ietf.org/mailman/listinfo/isis-wg >> > > > > > _______________________________________________ > Isis-wg mailing list > Isis-wg@ietf.org > https://www1.ietf.org/mailman/listinfo/isis-wg _______________________________________________ Isis-wg mailing list Isis-wg@ietf.org https://www1.ietf.org/mailman/listinfo/isis-wg
- [Isis-wg] IS-IS HMAC SHA Cryptographic Authentica… Manav Bhatia
- Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Sofia Ray
- RE: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Tony Li
- RE: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Tony Li
- Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Hannes Gredler
- Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Manav Bhatia
- RE: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… mike shand
- Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Hannes Gredler
- RE: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Tony Li
- RE: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Vishwas Manral
- Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Manav Bhatia
- Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Tom Sanders
- RE: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Manav Bhatia
- Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Hannes Gredler
- Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Manav Bhatia
- Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Abhishek Verma