Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication

Hannes Gredler <hannes@juniper.net> Wed, 19 April 2006 20:58 UTC

Date: Wed, 19 Apr 2006 22:01:51 +0200
From: Hannes Gredler <hannes@juniper.net>
To: tony.li@tony.li
Subject: Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication
Cc: isis-wg@ietf.org

furthermore, it would also be time to think about authentication-type
migration support, i.e. to discuss authentication-type [simple->md5->sha]
and key rollover schemes and nail down the necessary behaviour
(multiple instances of TLV #10).

the prevailing method for both authentication-type and key rollover
(= disabling authentication check during the transition window)
is not really smooth.

/hannes

Tony Li wrote:
> Sofia,
> 
> While I know of no substantive risks to the use of MD5 today as used in
> 3567, history suggests that someday, there will be.  Thus, having other
> algorithms available is only prudent and I strongly support that goal.
> 
> Regards,
> Tony
> 
> 
>>-----Original Message-----
>>From: Sofia Ray [mailto:sofia.ray@lycos.com] 
>>Sent: Wednesday, April 19, 2006 11:04 AM
>>To: isis-wg@ietf.org
>>Subject: Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication
>>
>>Manav,
>>
>>What's wrong with the authentication scheme detailed in 3567?
>>
>>Yours,
>>Sofia
>>
>>----- Original Message ----
>>From: Manav Bhatia <manav_bhatia06@yahoo.co.uk>
>>To: isis-wg@ietf.org
>>Sent: Wednesday, 19 April, 2006 8:30:00 AM
>>Subject: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication
>>
>>
>>Hi,
>>
>>We have written a draft on extending ISIS to use HMAC-SHA 
>>authentication. Would appreciate if we can get some feedback 
>>from the WG. The mechanism proposed in the draft is backward 
>>compatible and would work with the existing ISIS implementations.
>>
>>Cheers,
>>Manav
>>
>>----- Forwarded Message ----
>>From: Internet-Drafts@ietf.org
>>To: i-d-announce@ietf.org
>>Sent: Wednesday, April 19, 2006 4:20:01 AM
>>Subject: I-D ACTION:draft-bhatia-manral-isis-hmac-sha-00.txt
>>
>>A New Internet-Draft is available from the on-line 
>>Internet-Drafts directories.
>>
>>    Title        : IS-IS HMAC SHA Cryptographic Authentication
>>    Author(s)    : M. Bhatia, V. Manral
>>    Filename    : draft-bhatia-manral-isis-hmac-sha-00.txt
>>    Pages        : 8
>>    Date        : 2006-4-18
>>
>>This document proposes an extension to IS-IS [ISO] [RFC1195] 
>>to allow the use of HMAC SHA authentication algorithm in 
>>addition to the already documented authentication schemes 
>>described in the base specification and RFC 3567.
>>
>>A URL for this Internet-Draft is:
>>http://www.ietf.org/internet-drafts/draft-bhatia-manral-isis-hmac-sha-00.txt
>>
>>
>>
>>_______________________________________________
>>Isis-wg mailing list
>>Isis-wg@ietf.org
>>https://www1.ietf.org/mailman/listinfo/isis-wg
>>
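
The rollover behaviour raised in the message above, as an added example (not code from the thread, the draft or any implementation): during migration the sender carries one TLV #10 instance per authentication type, and a receiver accepts the PDU if any instance verifies against a key it holds, so the check is never disabled. The SHA-1 code point, the rule of zeroing every digest before computing, the opaque header and all sample bytes are assumptions constructed for illustration.

```python
import hashlib, hmac

AUTH_TLV = 10  # Authentication Information TLV, the "TLV #10" of the thread
HMAC_MD5, HMAC_SHA1 = 54, 0xF0  # 54: RFC 3567 HMAC-MD5; 0xF0: made-up placeholder
DIGESTS = {HMAC_MD5: hashlib.md5, HMAC_SHA1: hashlib.sha1}

def zeroed(tlvs):
    """Return TLVs with every TLV #10 digest zeroed, plus (type, offset, size) of each."""
    out, found, i = bytearray(tlvs), [], 0
    while i < len(tlvs):
        if i + 2 > len(tlvs) or i + 2 + tlvs[i + 1] > len(tlvs):
            raise ValueError("truncated TLV")
        t, ln = tlvs[i], tlvs[i + 1]
        if t == AUTH_TLV and ln >= 1:
            found.append((tlvs[i + 2], i + 3, ln - 1))
            out[i + 3:i + 2 + ln] = bytes(ln - 1)
        i += 2 + ln
    return bytes(out), found

def auth_tlv(auth_type):
    """Build a TLV #10 instance of the given type with a zeroed digest."""
    n = DIGESTS[auth_type]().digest_size
    return bytes([AUTH_TLV, 1 + n, auth_type]) + bytes(n)

def sign(header, tlvs, keys):
    """Fill in each TLV #10 digest from keys = {auth_type: secret}."""
    base, found = zeroed(tlvs)
    out = bytearray(base)
    for at, off, n in found:
        out[off:off + n] = hmac.new(keys[at], header + base, DIGESTS[at]).digest()
    return bytes(out)

def verify(header, tlvs, accepted):
    """True if any TLV #10 instance verifies against a key in accepted."""
    try:
        base, found = zeroed(tlvs)
    except ValueError:
        return False
    for at, off, n in found:
        if at not in accepted or at not in DIGESTS or n != DIGESTS[at]().digest_size:
            continue
        want = hmac.new(accepted[at], header + base, DIGESTS[at]).digest()
        if hmac.compare_digest(want, tlvs[off:off + n]):
            return True
    return False

# Constructed sample: opaque header, one area-address TLV, both auth TLVs.
HEADER = bytes.fromhex("8314010011010000")
BODY = bytes([1, 4, 3, 0x49, 0, 1]) + auth_tlv(HMAC_MD5) + auth_tlv(HMAC_SHA1)
PDU = sign(HEADER, BODY, {HMAC_MD5: b"old-secret", HMAC_SHA1: b"new-secret"})
```

While both types are accepted, a PDU is only as strong as the weaker of the two, so the old entry should leave `accepted` as soon as every neighbour sends the new type.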