Re: [OSPF] OSPF HMAC Cryptographic Authentication

"Phil Cowburn" <phil.cowburn@gmail.com> Sat, 22 July 2006 03:51 UTC

Message-ID: <6e6ce9380607212051j5dbb9362q174cbf425a8b566e@mail.gmail.com>
Date: Sat, 22 Jul 2006 09:21:44 +0530
From: Phil Cowburn <phil.cowburn@gmail.com>
To: vishwas.ietf@gmail.com, rohitgupta416@indiatimes.com
Subject: Re: [OSPF] OSPF HMAC Cryptographic Authentication
Cc: ospf@ietf.org

Hi,

In Section 5 you've mentioned the block sizes without units. I presume
they are in bytes, but it would be good if you explicitly state this.

I think it might be good to refer to RFC 3174 somewhere.

Also AFAIK RFC 2104 has the C code to compute HMAC when the text input
is fixed in length. SHA algorithms are defined in terms of a variable
number of bits. There may thus be some modifications required in HMAC
C code for SHA. You may want to capture this somewhere.

Otherwise the draft looks in good shape and has been long due. It's
time we all moved away from using MD5 to something that's
stronger.

Is there similar work for TCP based protocols like LDP and BGP? Or
other routing protocols like RIP (naah .. am not sure if we really
need something like this for RIP) and i-ISIS (for IP)?

Phil

----- Original Message ----
From: Vishwas Manral <vishwas.ietf@gmail.com>
To: Rohit Gupta <rohitgupta416@indiatimes.com>
Cc: ospf@ietf.org
Sent: Monday, 17 July, 2006 9:54:59 PM
Subject: Re: [OSPF] OSPF HMAC Cryptographic Authentication


Hi Rohit,

The authors of the OSPF RFC have done it very intelligently. By
allowing the KeyId field which is Opaque, the value of the KeyId
itself defines a separate security association (channel). It is the
understanding between the two ends, that a particular KeyId identifies
a key as well as the cryptographic algorithm used.

That is the reason we do not need any new fields.

Thanks,
Vishwas

On 7/17/06, Rohit Gupta <rohitgupta416@indiatimes.com> wrote:
> Hi,
>
> I could not see any new field added in the OSPF message. How do you then make out whether the OSPF router is using HMAC-SHA1 algorithm or the MD5 (the normal OSPF authentication algorithm)?
>
> Thanks,
> Rohit
>
> ----- Original Message ----
> From: Manav Bhatia <manav_bhatia06@yahoo.co.uk>
> To: ospf@ietf.org
> Sent: Saturday, 15 July, 2006 5:06:45 AM
> Subject: [OSPF] OSPF HMAC Cryptographic Authentication
>
>
> Hi,
>
> We have just posted a draft that describes a mechanism for authenticating OSPF packets by making use of HMAC algorithm in conjunction with the SHA family of cryptographic hash functions. It would be great if the WG can provide some feedback and comments on the same.
>
> http://www.ietf.org/internet-drafts/draft-bhatia-manral-white-ospf-hmac-sha-00.txt
>
> Thanks,
> Manav
>
> > ----- Forwarded Message ----
> > From: Internet-Drafts@ietf.org
> > To: i-d-announce@ietf.org
> > Sent: Saturday, July 15, 2006 1:20:01 AM
> > Subject: I-D ACTION:draft-bhatia-manral-white-ospf-hmac-sha-00.txt
> >
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
> > directories.
> >
> >
> >    Title        : OSPF HMAC Cryptographic Authentication
> >    Author(s)    : M. Bhatia, et al.
> >    Filename    : draft-bhatia-manral-white-ospf-hmac-sha-00.txt
> >    Pages        : 10
> >    Date        : 2006-6-14
> >
> >   This document describes a mechanism for authenticating OSPF packets
> >   by making use of the HMAC algorithm in conjunction with the SHA
> >   family of cryptographic hash functions. Because of the way the hash
> >   functions are used in HMAC construction, the collision attacks
> >   currently known against SHA-1 do not apply.
> >
> >   This will be done in addition to the already documented
> >   authentication schemes described in the base specification.
> >
> >
> > A URL for this Internet-Draft is:
> > http://www.ietf.org/internet-drafts/draft-bhatia-manral-white-ospf-hmac-sha-00.txt
> >
>
> _______________________________________________
> OSPF mailing list
> OSPF@ietf.org
> https://www1.ietf.org/mailman/listinfo/ospf
>

_______________________________________________
OSPF mailing list
OSPF@ietf.org
https://www1.ietf.org/mailman/listinfo/ospf
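
The Key ID lookup described in the thread, as an added example that is not part of the messages or the draft: the receiver reads the Key ID from the RFC 2328 cryptographic authentication header and uses its local table to pick both the key and the hash. The table contents, secrets, router and area IDs are constructed sample values, and the SHA-1 branch is plain RFC 2104 HMAC over the packet bytes, an assumption rather than the draft's exact computation.

```python
import hashlib
import hmac
import struct

# Constructed key table for one interface: Key ID -> (hash name, secret).
# Both ends must hold the same table; nothing in the packet names the algorithm.
SECURITY_ASSOCIATIONS = {
    1: ("md5", b"legacy-md5-key"),
    2: ("sha1", b"sample-hmac-sha1-key"),
}
HEADER = struct.Struct("!BBH4s4sHHHBBI")  # 24-byte OSPFv2 header, AuType 2 layout
ROUTER_ID, AREA_ID = bytes([192, 0, 2, 1]), bytes(4)  # constructed values


def _digest(alg, key, packet):
    if alg == "md5":
        # RFC 2328 keyed MD5: hash the packet followed by the 16-byte padded key.
        return hashlib.md5(packet + key.ljust(16, b"\0")[:16]).digest()
    # Assumption: plain RFC 2104 HMAC over the packet bytes.
    return hmac.new(key, packet, alg).digest()


def build_packet(key_id, seq, body):
    alg, key = SECURITY_ASSOCIATIONS[key_id]
    auth_len = hashlib.new(alg).digest_size  # in bytes: 16 for MD5, 20 for SHA-1
    length = HEADER.size + len(body)         # packet length excludes the digest
    packet = HEADER.pack(2, 1, length, ROUTER_ID, AREA_ID, 0, 2, 0,
                         key_id, auth_len, seq) + body
    return packet + _digest(alg, key, packet)


def verify_packet(data):
    """Return the algorithm selected by the Key ID if the digest checks, else None."""
    if len(data) < HEADER.size:
        return None
    (_, _, length, _, _, _, autype, _, key_id, auth_len, _) = HEADER.unpack_from(data)
    sa = SECURITY_ASSOCIATIONS.get(key_id)
    if autype != 2 or sa is None:
        return None
    alg, key = sa
    # The digest length must match the algorithm bound to this Key ID.
    if auth_len != hashlib.new(alg).digest_size or len(data) != length + auth_len:
        return None
    expected = _digest(alg, key, data[:length])
    return alg if hmac.compare_digest(expected, data[length:]) else None
```

A packet whose Key ID is rewritten to point at the other association fails the length check before any digest is compared, so the algorithm cannot be switched without holding that association's key.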