Re: [karp] Handling of LDP hello packets and the crypto table
Acee Lindem <acee.lindem@ericsson.com> Mon, 30 September 2013 17:10 UTC
Return-Path: <acee.lindem@ericsson.com>
X-Original-To: karp@ietfa.amsl.com
Delivered-To: karp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98E9C21F8F78 for <karp@ietfa.amsl.com>; Mon, 30 Sep 2013 10:10:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RywznL30ZKIg for <karp@ietfa.amsl.com>; Mon, 30 Sep 2013 10:10:49 -0700 (PDT)
Received: from usevmg21.ericsson.net (usevmg21.ericsson.net [198.24.6.65]) by ietfa.amsl.com (Postfix) with ESMTP id ECBA721F9BB6 for <karp@ietf.org>; Mon, 30 Sep 2013 10:10:45 -0700 (PDT)
X-AuditID: c6180641-b7fe28e000000d82-51-5249b0936013
Received: from EUSAAHC004.ericsson.se (Unknown_Domain [147.117.188.84]) by usevmg21.ericsson.net (Symantec Mail Security) with SMTP id E5.DE.03458.390B9425; Mon, 30 Sep 2013 19:10:43 +0200 (CEST)
Received: from EUSAAMB101.ericsson.se ([147.117.188.118]) by EUSAAHC004.ericsson.se ([147.117.188.84]) with mapi id 14.02.0328.009; Mon, 30 Sep 2013 13:10:43 -0400
From: Acee Lindem <acee.lindem@ericsson.com>
To: Sam Hartman <hartmans-ietf@mit.edu>
Thread-Topic: [karp] Handling of LDP hello packets and the crypto table
Thread-Index: AQHOra+JHI5ZOVzUjE+8q62qULz8DZm+/VUAgAsVpf2AAEudgIAB3S/bgBI2i4A=
Date: Mon, 30 Sep 2013 17:10:42 +0000
Message-ID: <94A203EA12AECE4BA92D42DBFFE0AE470306E828@eusaamb101.ericsson.se>
In-Reply-To: <tsl7ged65lu.fsf@mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.3.6.130613
x-originating-ip: [147.117.188.134]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <52F68ED09CC4BC438B2144490A057756@ericsson.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrHLMWRmVeSWpSXmKPExsUyuXRPiO7kDZ5BBov3G1vM+bqazeLjqTdM Fnu/rWF0YPZYsuQnk8e5Kd8ZPZrOHGUOYI7isklJzcksSy3St0vgytj3vpmp4C9PxbPrTxkb GLdxdTFyckgImEjs7ehkgrDFJC7cW88GYgsJHGWU6DwmCGEvZ5R43xMNYrMJ6Eg8f/SPGcQW EVCXWH1pEjuIzSzgI3HtzV4wW1jATeLnvwNQNe4Sk15NZYOw/SQ6nywEs1kEVCUerr7BCmLz CvhKnJv5CKyeU0BN4lHHD7AaRqB7vp9awwQxX1zi1pP5UHcKSCzZc54ZwhaVePn4H9gcUQE9 ie5Zy1kh4soSS57sZ4Ho1ZFYsPsTG4RtLfFo3QJWCFtbYtnC18wQNwhKnJz5hGUCo/gsJOtm IWmfhaR9FpL2WUjaFzCyrmLkKC1OLctNNzLcxAiMs2MSbI47GBd8sjzEKM3BoiTO++Wtc5CQ QHpiSWp2ampBalF8UWlOavEhRiYOTqkGxoKvVzfvfJIZeMnacWNgMu9Na0v9h4eK3i0znVDU vldpqXVnTIXA2W9vU2Z4xTVs63su/m7BjH7OLVG9S+Ml3v74fPHsxLZv92z3RjKdWeX47eey D75x8/ZdEljB99Iv7uisCWYHw5cz5dReXtxwSo9H9ceB4IjUkqwdR8/l551m0BGqyPtr80OJ pTgj0VCLuag4EQCP7US6gQIAAA==
Cc: "karp@ietf.org" <karp@ietf.org>
Subject: Re: [karp] Handling of LDP hello packets and the crypto table
X-BeenThere: karp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion list for key management for routing and transport protocols <karp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/karp>, <mailto:karp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/karp>
List-Post: <mailto:karp@ietf.org>
List-Help: <mailto:karp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/karp>, <mailto:karp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Sep 2013 17:10:55 -0000
This would be fine with me. Note that since LDP discovery (UDP) can be 1-to-many and LDP sessions are 1-1 (TCP), the deployment model may require different key-table interface selectors anyway. However, the change you propose would allow a deployment model where one key is used for both. Thanks, Acee On 9/18/13 5:02 PM, "Sam Hartman" <hartmans-ietf@mit.edu> wrote: >>>>>> "Acee" == Acee Lindem <acee.lindem@ericsson.com> writes: > > Acee> Hi Sam, I don't necessarily agree that this one use case > Acee> should greatly complicate the proposed key table entry > Acee> format. However, I'm willing to listen to your proposal on how > Acee> to handle this. > >I don't think it should change the format at all. > >Some document needs to describe how to use key tables for securing LDP. >That document needs to describe what algorithms should be used. > >My proposal is that document has joint algorithms that map both to a >TCP-AO algorithm and an UDP protection algorithm. > >so you have a table in the document with three columns: > >1) key table algorithm >2) TCP-AO algorithm to use when this key table entry is used >3) UDP protection algorithm to used when this key table algorithm is >used. > >The alternative is to register two key table protocols (LDP-TCP and >LDP-UDP) with separate algorithm lists and require the admin to enter >two rows. > >I thnik encoding a constant table from the document describing how to >use key table for LDP into the implementation is relatively easy. >Probably easier or same level of effort as supporting LDP-TCP and >LDP-UDP as separate key table protocols.
- [karp] Handling of LDP hello packets and the cryp… Sam Hartman
- Re: [karp] Handling of LDP hello packets and the … Joel M. Halpern
- Re: [karp] Handling of LDP hello packets and the … Sam Hartman
- Re: [karp] Handling of LDP hello packets and the … Acee Lindem
- Re: [karp] Handling of LDP hello packets and the … Sam Hartman
- Re: [karp] Handling of LDP hello packets and the … Acee Lindem