Re: [OSPF] WG Last Call for Supporting Authentication Trailer for OSPFv3 - draft-ietf-ospf-auth-trai

Russ White <russ@cisco.com> Wed, 13 April 2011 17:46 UTC


>> (1) The text on upper 32 bits should be a MAY and not a MUST, so that implementations that don't have nvram or don't want to implement this part of the spec still remain compliant to the standard.
> 
> I'd vote for this option since I'd bet that devices sophisticated enough to run OSPFv3 deployed in places where you care about replay protection across cold restarts will have some form of non-volatile memory. Hence, I'd make it a SHOULD instead of a MUST. 

I'd vote for this option, as well. It provides the best chance of
providing what's needed to prevent replays.

:-)

Russ
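
An added illustration of the trade-off discussed in this message (not part of the original e-mail or of the draft): a toy model in which the upper 32 bits of a 64-bit sequence number are a boot counter kept in non-volatile storage. The class and function names, the exact bit layout, and the receiver dropping its per-neighbor state when the adjacency is lost are assumptions of this sketch.

```python
# Added example: names and layout are assumptions, not text from the draft.
MASK32 = 0xFFFFFFFF

class Sender:
    """Router that stamps each packet with a 64-bit sequence number."""
    def __init__(self, nvram=None):
        self.nvram = nvram          # dict standing in for NVRAM, or None if absent
        self.cold_start()

    def cold_start(self):
        # RAM state is lost on a cold restart; only self.nvram survives.
        if self.nvram is not None:
            self.nvram["boot"] = (self.nvram.get("boot", 0) + 1) & MASK32
            self.upper = self.nvram["boot"]
        else:
            self.upper = 0          # nothing persisted: upper 32 bits never change
        self.lower = 0

    def next_seq(self):
        self.lower = (self.lower + 1) & MASK32
        return (self.upper << 32) | self.lower

class Receiver:
    """Accepts a packet only if its sequence number is strictly increasing."""
    def __init__(self):
        self.last = {}              # neighbor id -> highest sequence number accepted

    def forget(self, neighbor):
        self.last.pop(neighbor, None)   # adjacency lost, state discarded

    def accept(self, neighbor, seq):
        if seq <= self.last.get(neighbor, -1):
            return False
        self.last[neighbor] = seq
        return True

def cold_restart_replay(has_nvram):
    """Return (fresh_accepted, replay_accepted) after the sender cold restarts."""
    rtr, nbr = Sender(nvram={} if has_nvram else None), Receiver()
    captured = None
    for _ in range(5):              # constructed traffic; the last packet is recorded
        captured = rtr.next_seq()
        nbr.accept("rtr", captured)
    rtr.cold_start()
    nbr.forget("rtr")
    fresh = nbr.accept("rtr", rtr.next_seq())
    # The recorded packet still carries a valid authentication digest, so the
    # sequence-number comparison is the only thing that can reject it.
    replay = nbr.accept("rtr", captured)
    return fresh, replay

if __name__ == "__main__":
    print("with NVRAM   :", cold_restart_replay(True))
    print("without NVRAM:", cold_restart_replay(False))
```

With the boot counter persisted, the recorded pre-restart packet is rejected; without it, the same packet is accepted after the restart because its sequence number exceeds the freshly reset one.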