Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication

"Tom Sanders" <toms.sanders@gmail.com> Tue, 02 May 2006 23:56 UTC


Hi Manav,

I was wondering if you could explain to me how the fact that the LSP
lifetime is set to zero can be exploited by someone even when using
HMAC-SHA authentication algorithms, as proposed in your draft?

You mention that some hash functions require all the fields of the
message text T to be filled with non-zero values. If so, then will it
not result in interop issues, where one vendor decides to use non-zero
values and the other decides to fill some fields with zeros?

Toms.

P.S.
Overall the draft looks complete and in good shape!

----- Original Message ----
From: Manav Bhatia <manav_bhatia06@yahoo.co.uk>
To: isis-wg@ietf.org
Sent: Tuesday, 2 May, 2006 6:08:00 AM
Subject: Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication


Hi,

We have updated the draft to include HMAC-SHA-384 and HMAC-SHA-512
authentication modes. There were some other minor comments as well
that we had received. Those have been addressed in this version.

http://www.ietf.org/internet-drafts/draft-bhatia-manral-isis-hmac-sha-01.txt

Would appreciate feedback from the WG.

Cheers,
Manav

----- Original Message ----
From: Vishwas Manral <vishwas@ipinfusion.com>
To: isis-wg@ietf.org
Sent: Saturday, 22 April, 2006 6:55:51 AM
Subject: RE: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication


Hi Hannes,

I mostly agree with Tony here, except for a very corner case where we
can amplify a DoS because we have multiple keys to choose between at
the receiver during Key Rollover.



--
Toms.