Re: [OSPF] Revised OSPF HMAC SHA Authentication Draft

Acee Lindem <acee@cisco.com> Sun, 20 August 2006 21:45 UTC

Phil Cowburn wrote:
> I strongly agree with Manav here and an implementation must be able to
> demultiplex using the Key ID in the incoming packet. It is after all
> for this very reason that we put the Key ID in the packet.
>
> Erblichs point, as I read it is, that most implementations (if not
> all) currently take type 2 to mean MD5. This may break once this draft
> becomes a standard, which it would, in some time.
>
> My take on this is that even if the WG agrees to Erblichs solution and
> introduces a new type, say 3 for HMAC-SHA-1 authentication, then
> somebody else could repeat the same argument and clamour for a new
> type when we're introducing newer authentication algorithms in the
> future.
Hi Phil,
I think RFC 2328 is clear that authentication type 2 applies to all
cryptographic authentication types.

Thanks,
Acee
>
> Let's move on from this issue.
>
> Phil
>
> _______________________________________________
> OSPF mailing list
> OSPF@ietf.org
> https://www1.ietf.org/mailman/listinfo/ospf
>
