Re: [OSPF] New Version Notification for draft-acee-ospf-rfc6506bis-01.txt

Acee Lindem <acee.lindem@ericsson.com> Tue, 11 June 2013 13:43 UTC


Hi Marek, 
I've thought about it and this would be compatible with the rest of the draft. It would be useful if incremental deployment is a concern. I have no objection to adding this. Any other opinions? 

Thanks,
Acee

On Jun 11, 2013, at 9:26 AM, Marek Karasek (mkarasek) wrote:

> Hi Acee,
> 
> I support bis version as well.
> 
> I have one more suggestion though for this paragraph:
> 
>   In support of uninterrupted deployment, an OSPFv3 router implementing
>   this specification MAY implement a transition mode where it includes
>   the Authentication Trailer in transmitted packets but does not verify
>   this information in received packets.  This is provided as a
>   transition aid for networks in the process of migrating to the
>   authentication mechanism described in this specification.
> 
> 
> Can it be explicitly added how to work with checksums in the transition (or deployment) mode? I suggest adding:
> 
> - For OSPFv3 packets to be transmitted in deployment mode, the OSPFv3 header checksum and LLS data block checksum are computed and written in the packets.
> - For packets received in deployment mode which include an OSPFv3 Authentication Trailer, OSPFv3 header checksum verification MUST be omitted.
> - For packets received in deployment mode which do not include an OSPFv3 Authentication Trailer, OSPFv3 header checksum and LLS data block checksum are verified.
> 
> 
> Thanks, Marek
> 
> 
> -----Original Message-----
> From: ospf-bounces@ietf.org [mailto:ospf-bounces@ietf.org] On Behalf Of Acee Lindem
> Sent: Tuesday, June 11, 2013 1:35 PM
> To: Michael Barnes (mjbarnes); ospf@ietf.org
> Subject: Re: [OSPF] New Version Notification for draft-acee-ospf-rfc6506bis-01.txt
> 
> Thanks Michael - Does anyone else support this work? I think it will help ensure compatibility between implementations. I would have expected at least those who submitted the corrected errata to support the draft.
> Thanks,
> Acee
> 
> On 6/6/13 1:12 PM, "Michael Barnes" <mjbarnes@cisco.com> wrote:
> 
>> I agree these are good changes. Acee, please move forward with this draft.
>> 
>> Thanks,
>> Michael
>> 
>> On 05/09/2013 11:03 AM, Acee Lindem wrote:
>>> There have been a couple errata filed on RFC 6505 (authors copied).
>>> As a service to the OSPF community and in an effort to ensure
>>> interoperable OSPFv3 authentication trailer implementations, I have
>>> produced a BIS draft. The changes are listed in section 1.2:
>>> 
>>> 1.2.  Summary of Changes from RFC 6506
>>> 
>>>    This document includes the following changes from RFC 6506 [RFC6506]:
>>> 
>>>    1.  Sections 2.2 and 4.2 explicitly state the Link-Local Signalling
>>>        (LLS) block checksum calculation is omitted when an OSPFv3
>>>        authentication is used.  The LLS block is included in the
>>>        authentication digest calculation and computation of a checksum
>>>        is unnecessary.  Clarification of this issue was raised in an
>>>        errata.
>>> 
>>>    2.  Section 4.5 includes a correction to the key preparation to use
>>>        the protocol specific key (Ks) rather than the key (K) as the
>>>        initial key (Ko).  This problem was also raised in an errata.
>>> 
>>>    3.  Section 4.5 also includes a discussion of the choice of key
>>>        length to be the hash length (L) rather than the block size (B).
>>>        The discussion of this choice was included to clarify an issue
>>>        raised in a rejected errata.
>>> 
>>>    4.  Section 4.1 indicates that sequence number checking is dependent
>>>        on OSPFv3 packet type in order to account for packet
>>>        prioritization as specified in [RFC4222].  This was an omission
>>>        from RFC 6506.
>>> 
>>> 
>>> I would like to quickly move this to an OSPF WG document and begin 
>>> the review process. I'm now soliciting feedback on OSPF WG adoption.
>>> 
>>> Thanks,
>>> Acee
>>> 
>>> 
>>> On May 9, 2013, at 1:43 PM, <internet-drafts@ietf.org> wrote:
>>> 
>>>> 
>>>> A new version of I-D, draft-acee-ospf-rfc6506bis-01.txt has been 
>>>> successfully submitted by Manav Bhatia and posted to the IETF 
>>>> repository.
>>>> 
>>>> Filename:        draft-acee-ospf-rfc6506bis
>>>> Revision:        01
>>>> Title:           Supporting Authentication Trailer for OSPFv3
>>>> Creation date:   2013-05-09
>>>> Group:           Individual Submission
>>>> Number of pages: 25
>>>> URL:             http://www.ietf.org/internet-drafts/draft-acee-ospf-rfc6506bis-01.txt
>>>> Status:          http://datatracker.ietf.org/doc/draft-acee-ospf-rfc6506bis
>>>> Htmlized:        http://tools.ietf.org/html/draft-acee-ospf-rfc6506bis-01
>>>> Diff:            http://www.ietf.org/rfcdiff?url2=draft-acee-ospf-rfc6506bis-01
>>>> 
>>>> Abstract:
>>>>   Currently, OSPF for IPv6 (OSPFv3) uses IPsec as the only mechanism
>>>>   for authenticating protocol packets.  This behavior is different from
>>>>   authentication mechanisms present in other routing protocols (OSPFv2,
>>>>   Intermediate System to Intermediate System (IS-IS), RIP, and Routing
>>>>   Information Protocol Next Generation (RIPng)).  In some environments,
>>>>   it has been found that IPsec is difficult to configure and maintain
>>>>   and thus cannot be used.  This document defines an alternative
>>>>   mechanism to authenticate OSPFv3 protocol packets so that OSPFv3 does
>>>>   not only depend upon IPsec for authentication.  This document
>>>>   obsoletes RFC 6506.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> The IETF Secretariat
>>>> 
>>> 
>>> _______________________________________________
>>> OSPF mailing list
>>> OSPF@ietf.org
>>> https://www.ietf.org/mailman/listinfo/ospf
>>> 
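
The checksum handling Marek proposes for deployment mode, written out as transmit and receive logic for the OSPFv3 header checksum. This is an added example, not part of the original thread or of the draft; the function names, the has_trailer flag and the sample packet are assumptions made for illustration, and the LLS data block checksum is left out.

```python
import struct
from ipaddress import IPv6Address

OSPF_NEXT_HEADER = 89  # IPv6 Next Header value for OSPF


def ospfv3_checksum(src, dst, payload):
    """Internet checksum over the IPv6 pseudo-header and the OSPFv3 packet."""
    length = struct.unpack_from("!H", payload, 2)[0]  # header length field
    if not 16 <= length <= len(payload):
        raise ValueError("bad OSPFv3 packet length")
    pseudo = (IPv6Address(src).packed + IPv6Address(dst).packed
              + struct.pack("!I3xB", length, OSPF_NEXT_HEADER))
    # Checksum field (octets 12-13) counts as zero; octets past `length` are ignored.
    data = pseudo + payload[:12] + b"\x00\x00" + payload[14:length]
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def prepare_for_transmit(src, dst, packet):
    """Proposed rule 1: compute the header checksum and write it."""
    csum = ospfv3_checksum(src, dst, packet)
    return packet[:12] + struct.pack("!H", csum) + packet[14:]


def accept_in_deployment_mode(src, dst, payload, has_trailer):
    """Proposed rules 2 and 3 for a received packet; returns (ok, reason)."""
    # has_trailer is a hypothetical input: how the receiver learns that an
    # Authentication Trailer is present is outside this example.
    if has_trailer:
        return True, "trailer present, header checksum not verified"
    try:
        expected = ospfv3_checksum(src, dst, payload)
    except (ValueError, struct.error):
        return False, "malformed packet"
    stored = struct.unpack_from("!H", payload, 12)[0]
    if stored != expected:
        return False, "no trailer, header checksum mismatch"
    return True, "no trailer, header checksum verified"


# Constructed sample: 16-octet header (version 3, type 1, length 36,
# router ID 1.1.1.1, area 0, checksum 0) followed by 20 zero octets.
SAMPLE = (struct.pack("!BBH4s4sHBx", 3, 1, 36, bytes([1, 1, 1, 1]), bytes(4), 0, 0)
          + bytes(20))
SRC, DST = "fe80::1", "ff02::5"
```

A packet whose checksum field was left at zero is accepted only when it carries a trailer; without one, it has to pass the normal checksum test.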