[OSPF] One more RFC 6506BIS Clarification

Acee Lindem <acee@lindem.com> Mon, 07 October 2013 20:24 UTC

From: Acee Lindem <acee@lindem.com>
Date: Mon, 07 Oct 2013 16:24:32 -0400
To: OSPF List <ospf@ietf.org>
Subject: [OSPF] One more RFC 6506BIS Clarification

One more thing I intend to add is explicit specification that the OSPFv3 packet should be dropped if the Security Association isn't found or has expired. The text is analogous to the original RFC 2328 Appendix D text. This will be added to section 4.6. 

***************
*** 976,981 ****
--- 976,986 ----
     and the IPv6 header length is less than the amount necessary to
     include an Authentication Trailer.
  
+    Locate the receiving interface's OSPFv3 SA using the SA ID in the
+    received AT.  If the SA is not found, or if the SA is not valid for
+    reception (i.e., current time < KeyStartAccept or current time >=
+    KeyStopAccept), the OSPFv3 packet is dropped.
+ 
     If the cryptographic sequence number in the AT is less than or equal
     to the last sequence number in the last OSPFv3 packet of the same
     OSPFv3 type successfully received from the neighbor, the OSPFv3
   
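Review bot: the new SA lookup and KeyStartAccept/KeyStopAccept window check are placed ahead of the cryptographic sequence-number check, which is the right order, since a packet carrying an unknown or expired SA ID then never touches the per-neighbor sequence-number state; it would be worth stating explicitly that a packet dropped at this step does not update the last received sequence number, because the following paragraph only covers the comparison itself. Consider also recommending that implementations count "SA not found" and "SA outside acceptance window" drops separately: a burst of the latter during a key rollover tells the operator that KeyStartAccept/KeyStopAccept are misaligned between neighbors, while a steady stream of the former points to unexpected traffic on the link.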
Although I would hope no one would complain about this since it was always implied in section 3 (see excerpt below), please speak now if you have any concerns. 

   o  Security Association Identifier (SA ID)

      This is a 16-bit unsigned integer used to uniquely identify an
      OSPFv3 SA, as manually configured by the network operator.

      The receiver determines the active SA by looking at the SA ID
      field in the incoming protocol packet.
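As an added illustration, not text from the draft or from this mailing-list post, the following Python sketch performs the receive-side processing the proposed section 4.6 text describes: locate the SA by the SA ID from the AT, reject the packet if the SA is missing or outside its KeyStartAccept/KeyStopAccept window, and only then apply the per-neighbor, per-packet-type cryptographic sequence-number check. The `OspfV3SA` and `Receiver` names and the `digest_valid` flag are assumptions standing in for an implementation's own structures and its HMAC verification of the trailer.

```python
from dataclasses import dataclass, field


@dataclass
class OspfV3SA:
    """One manually configured OSPFv3 Security Association (assumed layout)."""
    sa_id: int              # 16-bit SA ID carried in the Authentication Trailer
    key_start_accept: int   # earliest time the SA is valid for reception
    key_stop_accept: int    # time at which the SA stops being accepted

    def accepts_at(self, now: int) -> bool:
        # Valid for reception iff KeyStartAccept <= now < KeyStopAccept,
        # i.e. the complement of "now < KeyStartAccept or now >= KeyStopAccept".
        return self.key_start_accept <= now < self.key_stop_accept


@dataclass
class Receiver:
    sas: dict                                   # SA ID -> OspfV3SA for this interface
    last_seq: dict = field(default_factory=dict)  # (neighbor, ospfv3_type) -> last seq
    drops: dict = field(default_factory=lambda: {"no_sa": 0, "sa_window": 0,
                                                 "replay": 0, "bad_digest": 0})

    def accept(self, neighbor: str, pkt_type: int, sa_id: int,
               seq: int, now: int, digest_valid: bool) -> bool:
        """Return True if the packet passes the AT checks; count the reason otherwise."""
        sa = self.sas.get(sa_id)
        if sa is None:                       # SA not found: drop, touch no state
            self.drops["no_sa"] += 1
            return False
        if not sa.accepts_at(now):           # SA outside acceptance window: drop
            self.drops["sa_window"] += 1
            return False
        key = (neighbor, pkt_type)
        if key in self.last_seq and seq <= self.last_seq[key]:
            self.drops["replay"] += 1        # seq must strictly increase per type
            return False
        if not digest_valid:                 # HMAC check (assumed done by caller)
            self.drops["bad_digest"] += 1
            return False
        self.last_seq[key] = seq             # update only after full verification
        return True


def run_sample() -> Receiver:
    """Constructed sample: one SA accepted during [100, 200), a few packets."""
    rx = Receiver(sas={1: OspfV3SA(1, 100, 200)})
    rx.accept("fe80::1", 1, 1, 5, 150, True)    # accepted
    rx.accept("fe80::1", 1, 2, 6, 150, True)    # SA ID 2 unknown -> drop
    rx.accept("fe80::1", 1, 1, 6, 200, True)    # now >= KeyStopAccept -> drop
    rx.accept("fe80::1", 1, 1, 5, 160, True)    # replayed seq 5 -> drop
    rx.accept("fe80::1", 1, 1, 7, 160, False)   # bad digest -> drop, seq stays 5
    rx.accept("fe80::1", 1, 1, 7, 170, True)    # accepted
    return rx
```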