Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication
"Tom Sanders" <toms.sanders@gmail.com> Tue, 02 May 2006 23:56 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Fb4j5-0003Vk-6i; Tue, 02 May 2006 19:56:19 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Fb4j4-0003Vf-AP for isis-wg@ietf.org; Tue, 02 May 2006 19:56:18 -0400
Received: from nz-out-0102.google.com ([64.233.162.199]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Fb4j3-0006qp-18 for isis-wg@ietf.org; Tue, 02 May 2006 19:56:18 -0400
Received: by nz-out-0102.google.com with SMTP id f1so44640nzc for <isis-wg@ietf.org>; Tue, 02 May 2006 16:56:16 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=SY3mQpOc0ATaFGqypzGT+SgPRBsRP9JINnwZl48LreJIfmxk6szdQijKlbZTMqk4qK4/46Rse5pjSmXW0voWIgpHip0HyG4VUPRUTQMw+wCn0ekXgXuhklGmorqnDqAYG5ZyY1Ox8xVZX5rNIUtwRgN4ZyzCRIhjbaCJQz2cEq8=
Received: by 10.36.134.15 with SMTP id h15mr891072nzd; Tue, 02 May 2006 16:56:16 -0700 (PDT)
Received: by 10.36.224.9 with HTTP; Tue, 2 May 2006 16:56:16 -0700 (PDT)
Message-ID: <6ed23a860605021656j26579528n1c5b54996ec77622@mail.gmail.com>
Date: Wed, 03 May 2006 05:26:16 +0530
From: Tom Sanders <toms.sanders@gmail.com>
To: isis-wg@ietf.org
Subject: Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication
MIME-Version: 1.0
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 2409bba43e9c8d580670fda8b695204a
X-BeenThere: isis-wg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF IS-IS working group <isis-wg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/isis-wg>
List-Post: <mailto:isis-wg@ietf.org>
List-Help: <mailto:isis-wg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0662572624=="
Errors-To: isis-wg-bounces@ietf.org
Hi Manav, I was wondering if you could explain me how the fact that the LSP lifetime is set to zero can be exploited by someone even when using HMAC-SHA authentication algorithms, as proposed in your draft? You mention that some hash functions require all the fields of the message text T to be filled with non zero values. If so, then will it not result in interop issues, where one vendor decides to use non zero values and the other decides to fill some fields with zeros? Toms. P.S. Overall the draft looks complete and in good shape! ----- Original Message ---- From: Manav Bhatia <manav_bhatia06@yahoo.co.uk> To: isis-wg@ietf.org Sent: Tuesday, 2 May, 2006 6:08:00 AM Subject: Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication Hi, We have updated the draft to include HMAC-SHA-384 and HMAC-SHA-512 authentication modes. There were some other minor comments as well that we had received. Those have been addressed in this version. http://www.ietf.org/internet-drafts/draft-bhatia-manral-isis-hmac-sha-01.txt Would appreciate a feedback from the WG. Cheers, Manav ----- Original Message ---- From: Vishwas Manral <vishwas@ipinfusion.com> To: isis-wg@ietf.org Sent: Saturday, 22 April, 2006 6:55:51 AM Subject: RE: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication Hi Hannes, I mostly agree with Tony here, except for a very corner case where we can amplify a DoS because we have multiple keys to choose between at the receiver during Key Rollover. -- Toms.
_______________________________________________ Isis-wg mailing list Isis-wg@ietf.org https://www1.ietf.org/mailman/listinfo/isis-wg
- [Isis-wg] IS-IS HMAC SHA Cryptographic Authentica… Manav Bhatia
- Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Sofia Ray
- RE: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Tony Li
- RE: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Tony Li
- Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Hannes Gredler
- Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Manav Bhatia
- RE: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… mike shand
- Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Hannes Gredler
- RE: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Tony Li
- RE: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Vishwas Manral
- Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Manav Bhatia
- Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Tom Sanders
- RE: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Manav Bhatia
- Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Hannes Gredler
- Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Manav Bhatia
- Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authen… Abhishek Verma