Re: [karp] Handling of LDP hello packets and the crypto table

Acee Lindem <> Mon, 30 September 2013 17:10 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 98E9C21F8F78 for <>; Mon, 30 Sep 2013 10:10:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id RywznL30ZKIg for <>; Mon, 30 Sep 2013 10:10:49 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id ECBA721F9BB6 for <>; Mon, 30 Sep 2013 10:10:45 -0700 (PDT)
X-AuditID: c6180641-b7fe28e000000d82-51-5249b0936013
Received: from (Unknown_Domain []) by (Symantec Mail Security) with SMTP id E5.DE.03458.390B9425; Mon, 30 Sep 2013 19:10:43 +0200 (CEST)
Received: from ([]) by ([]) with mapi id 14.02.0328.009; Mon, 30 Sep 2013 13:10:43 -0400
From: Acee Lindem <>
To: Sam Hartman <>
Thread-Topic: [karp] Handling of LDP hello packets and the crypto table
Thread-Index: AQHOra+JHI5ZOVzUjE+8q62qULz8DZm+/VUAgAsVpf2AAEudgIAB3S/bgBI2i4A=
Date: Mon, 30 Sep 2013 17:10:42 +0000
Message-ID: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-ID: <>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrHLMWRmVeSWpSXmKPExsUyuXRPiO7kDZ5BBov3G1vM+bqazeLjqTdM Fnu/rWF0YPZYsuQnk8e5Kd8ZPZrOHGUOYI7isklJzcksSy3St0vgytj3vpmp4C9PxbPrTxkb GLdxdTFyckgImEjs7ehkgrDFJC7cW88GYgsJHGWU6DwmCGEvZ5R43xMNYrMJ6Eg8f/SPGcQW EVCXWH1pEjuIzSzgI3HtzV4wW1jATeLnvwNQNe4Sk15NZYOw/SQ6nywEs1kEVCUerr7BCmLz CvhKnJv5CKyeU0BN4lHHD7AaRqB7vp9awwQxX1zi1pP5UHcKSCzZc54ZwhaVePn4H9gcUQE9 ie5Zy1kh4soSS57sZ4Ho1ZFYsPsTG4RtLfFo3QJWCFtbYtnC18wQNwhKnJz5hGUCo/gsJOtm IWmfhaR9FpL2WUjaFzCyrmLkKC1OLctNNzLcxAiMs2MSbI47GBd8sjzEKM3BoiTO++Wtc5CQ QHpiSWp2ampBalF8UWlOavEhRiYOTqkGxoKvVzfvfJIZeMnacWNgMu9Na0v9h4eK3i0znVDU vldpqXVnTIXA2W9vU2Z4xTVs63su/m7BjH7OLVG9S+Ml3v74fPHsxLZv92z3RjKdWeX47eey D75x8/ZdEljB99Iv7uisCWYHw5cz5dReXtxwSo9H9ceB4IjUkqwdR8/l551m0BGqyPtr80OJ pTgj0VCLuag4EQCP7US6gQIAAA==
Cc: "" <>
Subject: Re: [karp] Handling of LDP hello packets and the crypto table
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion list for key management for routing and transport protocols <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 30 Sep 2013 17:10:55 -0000

This would be fine with me. Note that since LDP discovery (UDP) can be
1-to-many and LDP sessions are 1-1 (TCP), the deployment model may require
different key-table interface selectors anyway. However, the change you
propose would allow a deployment model where one key is used for both.

On 9/18/13 5:02 PM, "Sam Hartman" <> wrote:

>>>>>> "Acee" == Acee Lindem <> writes:
>    Acee> Hi Sam, I don't necessarily agree that this one use case
>    Acee> should greatly complicate the proposed key table entry
>    Acee> format. However, I'm willing to listen to your proposal on how
>    Acee> to handle this.
>I don't think it should change the format at all.
>Some document needs to describe how to use key tables for securing LDP.
>That document needs to describe what algorithms should be used.
>My proposal is that document has joint algorithms that map both to a
>TCP-AO algorithm and  an UDP protection algorithm.
>so you have a table in the document with three columns:
>1) key table algorithm
>2) TCP-AO algorithm to use when this key table entry is used
>3) UDP protection algorithm to used when this key table algorithm is
>The alternative is to register two key table protocols (LDP-TCP and
>LDP-UDP) with separate algorithm lists and require the admin to enter
>two rows.
>I thnik encoding a constant table from the document describing how to
>use key table for LDP into the implementation is relatively easy.
>Probably easier or same level of effort as supporting LDP-TCP and
>LDP-UDP as separate key table protocols.