Re: OSPF WG Minutes

Acee Lindem <acee@CISCO.COM> Tue, 16 August 2005 11:46 UTC

Date: Tue, 16 Aug 2005 07:45:59 -0400
Reply-To: Mailing List <OSPF@PEACH.EASE.LSOFT.COM>
Sender: Mailing List <OSPF@PEACH.EASE.LSOFT.COM>
From: Acee Lindem <acee@CISCO.COM>
Subject: Re: OSPF WG Minutes
In-Reply-To: <BB6D74C75CC76A419B6D6FA7C38317B290E932@sinett-sbs.SiNett.LAN>

Vishwas Manral wrote:
Hi Vishwas,

>Hi Acee,
>>Acee: In practice, for OSPFv2 the sequence numbers are not monotonically
>>increasing; Usage of router's clock for cryptographic sequence number 
>>generation reduces the chance for replay attacks across restarts. 
>>?: OSPF spec does not say it ...
>Acee, what I meant was that although the OSPF spec does not state that
>we need to use clocks. 
Ok - got the update.

>I think the vulnerabilities draft is the right place to state the
>problems that can happen if we do not use a clock (or something
>equivalent which increments even when a system goes down).
Ok. I was just stating that in practice it is not as easy to exploit as it

>Another issue is that even if the sender uses clock for the "sequence
>number" and goes down, all the packets of a previous session can still
>be replayed by another router. So the chance of replay attacks is still
You don't mean all the packets, do you? You mean all the packets with the
last sequence number. So, if the last packet was a hello, the session could
be kept up indefinitely.


>-----Original Message-----
>From: Mailing List [mailto:OSPF@PEACH.EASE.LSOFT.COM] On Behalf Of Acee
>Sent: Monday, August 15, 2005 7:50 PM
>Subject: OSPF WG Minutes
>Attached are the minutes from the Paris OSPF WG meeting. Thanks to
>Dimitri for taking them.
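The sequence-number behaviour discussed above, as an added Python simulation that is not part of the original thread: a receiver applying the RFC 2328 Appendix D rule (drop a packet whose cryptographic sequence number is lower than the last one recorded for that neighbor, accept it otherwise) is fed replayed copies of pre-restart hellos, once with a counter that restarts from 1 and once with clock-derived numbers. The key, the packet layout and the sequence values are constructed for the example, and the keyed digest is a simplified stand-in for the real keyed-MD5 computation.

```python
import hashlib
import struct

# Constructed sample key for this illustration; not a value from the thread.
KEY = b"constructed-shared-key"

def digest(seq: int, body: bytes) -> bytes:
    # Simplified keyed digest in the spirit of RFC 2328 Appendix D: the
    # sequence number is covered by the hash, so a replayer cannot edit it.
    return hashlib.md5(struct.pack("!I", seq) + body + KEY).digest()

def make_packet(seq: int, body: bytes = b"hello") -> dict:
    return {"seq": seq, "body": body, "digest": digest(seq, body)}

class Neighbor:
    """Receiver-side state for one neighbor: last accepted sequence number."""
    def __init__(self):
        self.last_seq = 0

    def accept(self, pkt: dict) -> bool:
        if pkt["digest"] != digest(pkt["seq"], pkt["body"]):
            return False                # forged or modified packet: drop
        if pkt["seq"] < self.last_seq:  # RFC 2328 D.4.3: must be >= last seen
            return False
        self.last_seq = pkt["seq"]
        return True

def restart_scenario(seq_before: list, seq_after: list) -> dict:
    """Sender emits hellos numbered seq_before, crashes, and restarts with
    seq_after; the receiver keeps its neighbor state. Returns what it accepts:
    replayed old hellos, then genuine post-restart hellos, then replays again."""
    nbr = Neighbor()
    captured = [make_packet(s) for s in seq_before]
    for pkt in captured:
        nbr.accept(pkt)                 # pre-crash traffic, all genuine
    return {
        "replay_before_fresh": [nbr.accept(p) for p in captured],
        "fresh": [nbr.accept(make_packet(s)) for s in seq_after],
        "replay_after_fresh": [nbr.accept(p) for p in captured],
    }

# Counter restarting from 1: every genuine post-restart hello is rejected,
# while a copy of the last pre-crash hello keeps being accepted.
COUNTER = restart_scenario([1, 2, 3], [1, 2])
# Clock-derived numbers (constructed epoch seconds): the new session is
# accepted, and only the copy carrying the last sequence number is
# replayable, and only until the first genuine post-restart packet arrives.
CLOCK = restart_scenario([1_124_000_001, 1_124_000_011, 1_124_000_021],
                         [1_124_000_090, 1_124_000_100])
```

The residual window in the clock case is exactly the "all the packets with the last sequence number" point made above: a copy of the last hello is accepted until the restarted router's first newer packet raises the stored value.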