Re: [OSPF] OSPF HMAC Cryptographic Authentication

Acee Lindem <acee@cisco.com> Mon, 17 July 2006 16:46 UTC

Date: Mon, 17 Jul 2006 12:31:18 -0400
From: Acee Lindem <acee@cisco.com>
To: Rohit Gupta <rohitgupta416@indiatimes.com>
Subject: Re: [OSPF] OSPF HMAC Cryptographic Authentication
Cc: ospf@ietf.org

Rohit Gupta wrote:
> Hi,
>
> I could not see any new field added in the OSPF message. How do you then make out whether the OSPF router is using the HMAC-SHA1 algorithm or MD5 (the normal OSPF authentication algorithm)?
>   
Hi Rohit,
As more than one person pointed out to me, AuType 2 doesn't
define the algorithm used for cryptographic authentication. From D.3 in
RFC 2328:

     Key ID
            This field identifies the algorithm and secret key used to
            create the message digest appended to the OSPF packet. Key
            Identifiers are unique per-interface (or equivalently, per-
            subnet).

Hence, no new AuType value is required. However, since the use of MD5
is described FULLY in appendix D, it would be nice to point out the
similarities and differences in this draft.

Thanks,
Acee
> Thanks,
> Rohit
>
> ----- Original Message ----
> From: Manav Bhatia <manav_bhatia06@yahoo.co.uk>
> To: ospf@ietf.org
> Sent: Saturday, 15 July, 2006 5:06:45 AM
> Subject: [OSPF] OSPF HMAC Cryptographic Authentication
>
>
> Hi,
>
> We have just posted a draft that describes a mechanism for authenticating OSPF packets by making use of the HMAC algorithm in conjunction with the SHA family of cryptographic hash functions. It would be great if the WG can provide some feedback and comments on the same.
>
> http://www.ietf.org/internet-drafts/draft-bhatia-manral-white-ospf-hmac-sha-00.txt
>
> Thanks,
> Manav
>
>   
>> ----- Forwarded Message ----
>> From: Internet-Drafts@ietf.org
>> To: i-d-announce@ietf.org
>> Sent: Saturday, July 15, 2006 1:20:01 AM
>> Subject: I-D ACTION:draft-bhatia-manral-white-ospf-hmac-sha-00.txt
>>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts 
>> directories.
>>
>>
>>    Title        : OSPF HMAC Cryptographic Authentication
>>    Author(s)    : M. Bhatia, et al.
>>    Filename    : draft-bhatia-manral-white-ospf-hmac-sha-00.txt
>>    Pages        : 10
>>    Date        : 2006-6-14
>>
>>   This document describes a mechanism for authenticating OSPF packets
>>   by making use of the HMAC algorithm in conjunction with the SHA
>>   family of cryptographic hash functions. Because of the way the hash
>>   functions are used in HMAC construction, the collision attacks
>>   currently known against SHA-1 do not apply.
>>
>>   This will be done in addition to the already documented
>>   authentication schemes described in the base specification.
>>
>>
>> A URL for this Internet-Draft is:
>> http://www.ietf.org/internet-drafts/draft-bhatia-manral-white-ospf-hmac-sha-00.txt
>>
>
> _______________________________________________
> OSPF mailing list
> OSPF@ietf.org
> https://www1.ietf.org/mailman/listinfo/ospf

_______________________________________________
OSPF mailing list
OSPF@ietf.org
https://www1.ietf.org/mailman/listinfo/ospf