Re: OSPF cryptographic authentication keying
Acee Lindem <acee@REDBACK.COM> Wed, 14 August 2002 14:10 UTC
Mukesh Gupta wrote:

>>I have a couple of questions about how keying is established for OSPF
>>cryptographic authentication:
>>
>
> I am assuming that you are talking about OSPFv2.
>
>
>>First of all, which may be a stupid question, I have the impression the
>>keying is essentially on a pairwise basis, rather than a key being shared
>>among all the entities in an area. Is that correct?
>>
>
> To my knowledge, no. It is not correct. The keys are shared between all the
> entities in an area and they are not on a pairwise basis.

Mukesh,

Keys need only be shared on a per-interface basis. The specification
of authentication type per interface (as opposed to per area) was introduced
between RFCs 1583 and 2178.

Thanks,
Acee

> Using pairwise keys
> in the multicast environment will not work.
>
>
>>Second, how are these keys normally established in today's operational
>>world? I realize this is a bit outside of the scope of OSPF, but do people
>>use manual entry, SNMP, some negotiation framework like ISAKMP, or what?
>>
>
> I think most of the implementations use manual entry. ISAKMP wouldn't be easy
> to use in the multicast environment OSPF uses. Key negotiation mechanisms for
> multicast are still being explored.
>
> regards
> Mukesh
>
> --
> ******************************************************************
> Work fascinates me. I can look at it for hours !
> ******************************************************************
> Mukesh Gupta
> Phone: (650) 625-2264
> Cell : (650) 868-9111
> http://www.iprg.nokia.com/~mgupta
> ******************************************************************
>
>

--
Acee
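Added example, not part of the original message or of any OSPF implementation: a sketch of the keyed-MD5 digest from RFC 2328 Appendix D (a mechanism the thread does not name), showing that one multicast packet verifies at every router holding the sending interface's key, fails against another interface's key, and fails at a neighbor when the sender uses a pairwise key. Router IDs, key values and the segment layout are constructed for illustration.

```python
import hashlib
import hmac
import struct

AUTYPE_CRYPTO = 2  # AuType value for cryptographic authentication (RFC 2328)

def _digest(packet, key):
    # RFC 2328 D.4.3: MD5 over the packet with the 16-byte key appended.
    return hashlib.md5(packet + key.ljust(16, b"\0")).digest()

def build_packet(router_id, area_id, key_id, seq, key, body=b""):
    """Sender side: OSPFv2 header (type 1, Hello) plus appended digest."""
    length = 24 + len(body)  # the digest is not counted in the Length field
    header = struct.pack("!BBH4s4sHH", 2, 1, length, router_id, area_id,
                         0, AUTYPE_CRYPTO)  # checksum is 0 for AuType 2
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    packet = header + auth + body
    return packet + _digest(packet, key)

def verify(packet, interface_keys):
    """Receiver side: select the key by Key ID from the receiving
    interface's key table and recompute the digest. The sequence-number
    (replay) check is omitted here."""
    length, = struct.unpack("!H", packet[2:4])
    autype, = struct.unpack("!H", packet[14:16])
    key_id, auth_len = packet[18], packet[19]
    key = interface_keys.get(key_id)
    if autype != AUTYPE_CRYPTO or auth_len != 16 or key is None:
        return False
    if len(packet) != length + 16:
        return False
    return hmac.compare_digest(_digest(packet[:length], key), packet[length:])

def demo():
    # Constructed topology: R1, R2, R3 share segment A; R1 and R4 share segment B.
    seg_a = {1: b"segA-key"}          # same table on every segment-A interface
    seg_b = {1: b"segB-key"}          # a different key on segment B
    r1 = bytes([10, 0, 0, 1])
    area0 = bytes(4)
    hello = build_packet(r1, area0, 1, 1000, seg_a[1])  # one multicast Hello
    pairwise = build_packet(r1, area0, 1, 1001, b"R1-R2-only")
    return {
        "R2_accepts": verify(hello, seg_a),
        "R3_accepts": verify(hello, seg_a),
        "segB_key_accepts": verify(hello, seg_b),
        # A key known only to R1 and R2 fails at R3 for the same multicast packet.
        "R3_accepts_pairwise": verify(pairwise, seg_a),
    }

if __name__ == "__main__":
    print(demo())
```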