Re: [OSPF] New Version Notification for draft-acee-ospf-rfc6506bis-01.txt
Acee Lindem <acee.lindem@ericsson.com> Tue, 11 June 2013 13:43 UTC
Return-Path: <prvs=58741635f7=acee.lindem@ericsson.com>
X-Original-To: ospf@ietfa.amsl.com
Delivered-To: ospf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5884521F99C1 for <ospf@ietfa.amsl.com>; Tue, 11 Jun 2013 06:43:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.407
X-Spam-Level:
X-Spam-Status: No, score=-2.407 tagged_above=-999 required=5 tests=[AWL=0.192, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WAZUOxDnvOTy for <ospf@ietfa.amsl.com>; Tue, 11 Jun 2013 06:43:36 -0700 (PDT)
Received: from usevmg20.ericsson.net (usevmg20.ericsson.net [198.24.6.45]) by ietfa.amsl.com (Postfix) with ESMTP id B88BD21F99BD for <ospf@ietf.org>; Tue, 11 Jun 2013 06:43:36 -0700 (PDT)
X-AuditID: c618062d-b7f936d000004481-82-51b729887ad5
Received: from EUSAAHC007.ericsson.se (Unknown_Domain [147.117.188.93]) by usevmg20.ericsson.net (Symantec Mail Security) with SMTP id EB.C7.17537.88927B15; Tue, 11 Jun 2013 15:43:36 +0200 (CEST)
Received: from EUSAAMB101.ericsson.se ([147.117.188.118]) by EUSAAHC007.ericsson.se ([147.117.188.93]) with mapi id 14.02.0328.009; Tue, 11 Jun 2013 09:43:35 -0400
From: Acee Lindem <acee.lindem@ericsson.com>
To: "Marek Karasek (mkarasek)" <mkarasek@cisco.com>
Thread-Topic: [OSPF] New Version Notification for draft-acee-ospf-rfc6506bis-01.txt
Thread-Index: AQHOZpfDRu1KsPZQpUSv1C6bqb0hGpkwxEsAgAAE6QA=
Date: Tue, 11 Jun 2013 13:43:34 +0000
Message-ID: <94A203EA12AECE4BA92D42DBFFE0AE47163A7A@eusaamb101.ericsson.se>
References: <51B0ED10.1090007@cisco.com> <94A203EA12AECE4BA92D42DBFFE0AE4716381E@eusaamb101.ericsson.se> <E7523A682FBA7E498E8FAF27332266AA0F5F11C2@xmb-rcd-x11.cisco.com>
In-Reply-To: <E7523A682FBA7E498E8FAF27332266AA0F5F11C2@xmb-rcd-x11.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [147.117.188.134]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <4E19898B4DEB774CA077C0046ABB61AB@ericsson.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrALMWRmVeSWpSXmKPExsUyuXRPrG6H5vZAg6sTJC0Wr3vFYvHzSyer Rcu9e+wOzB5Tfm9k9Viy5CdTAFMUt01SYklZcGZ6nr5dAnfG2c03WQsuGVS0nF7K3sDYpN7F yMkhIWAi0X/9PxuELSZx4d56IJuLQ0jgKKPEhp+7WCCc5YwS3a17warYBHQknj/6x9zFyMEh ImAsMesOK0iYWSBc4urh/8wgtrBAiMS5lpOMECWhEmc21YKERQSsJI7OPcsCYrMIqEqc23iO CcTmFfCW2LJrITvEqrWMEns/PGcESXAK+EocnNIPNp8R6Ljvp9YwQewSl7j1ZD4TxNECEkv2 nGeGsEUlXj7+xwphK0ssebKfBaJeR2LB7k9sELa1xP5Na6Bu1pZYtvA1M8QRghInZz5hmcAo PgvJillI2mchaZ+FpH0WkvYFjKyrGDlKi1PLctONDDYxAiPsmASb7g7GPS8tDzFKc7AoifOq 8S4OFBJITyxJzU5NLUgtii8qzUktPsTIxMEJIrikGhhzD56SKZAo//bvpdjqw9qXT2RND3/g XqNw9/TSzByPU7OM9smmfDctTDINdthyRVz9nnulw6Je9tAKp2y9groTszZ82C82dU/Nvt0q t0NjPr05/GZ+RZHKqQV3o3neHUjJu2UX/+3avbwFz+cdmsXOHuttwiV1aY771zq9KKlrKRv1 Pt2anLlQiaU4I9FQi7moOBEA/KRgEoMCAAA=
Cc: "ospf@ietf.org" <ospf@ietf.org>
Subject: Re: [OSPF] New Version Notification for draft-acee-ospf-rfc6506bis-01.txt
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ospf>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jun 2013 13:43:58 -0000
Hi Marek, I've thought about it and this would be compatible with the rest of the draft. It would be useful if incremental deployment is a concern. I have no objection to adding this. Any other opinions? Thanks, Acee On Jun 11, 2013, at 9:26 AM, Marek Karasek (mkarasek) wrote: > Hi Acee, > > I support bis version as well. > > I have one more suggestion though for this paragraph: > > In support of uninterrupted deployment, an OSPFv3 router implementing > this specification MAY implement a transition mode where it includes > the Authentication Trailer in transmitted packets but does not verify > this information in received packets. This is provided as a > transition aid for networks in the process of migrating to the > authentication mechanism described in this specification. > > > Can it be explicitly added how to work with checksums in the transition (or deployment) mode? I suggest adding: > > - For OSPFv3 packets to be transmitted in deployment mode, the OSPFv3 header checksum and LLS data block checksum is computed and written in the packets. > - For packets received in deployment mode which include an OSPFv3 Authentication Trailer, OSPFv3 header checksum verification MUST be omitted. > - For packets received in deployment mode which do not include an OSPFv3 Authentication Trailer, OSPFv3 header checksum and LLS data block checksum are verified. > > > Thanks marek > > > -----Original Message----- > From: ospf-bounces@ietf.org [mailto:ospf-bounces@ietf.org] On Behalf Of Acee Lindem > Sent: Tuesday, June 11, 2013 1:35 PM > To: Michael Barnes (mjbarnes); ospf@ietf.org > Subject: Re: [OSPF] New Version Notification for draft-acee-ospf-rfc6506bis-01.txt > > Thank Michael - Does anyone else support this work? I think it will help ensure compatibility between implementations. I would have expected at least those who submitted the corrected errata to support the draft. > Thanks, > Acee > > On 6/6/13 1:12 PM, "Michael Barnes" <mjbarnes@cisco.com> wrote: > >> I agree these are good changes. Acee, please move forward with this draft. >> >> Thanks, >> Michael >> >> On 05/09/2013 11:03 AM, Acee Lindem wrote: >>> There have been a couple errata filed on RFC 6505 (authors copied). >>> As a service to the OSPF community and in an effort to ensure >>> interoperable OSPFv3 authentication trailer implementations, I have >>> produced a BIS draft. The changes are listed in section 1.2: >>> >>> 1.2. Summary of Changes from RFC 6506 >>> >>> This document includes the following changes from RFC 6506 >>> [RFC6506]: >>> >>> 1. Sections 2.2 and 4.2 explicitly state the Link-Local Signalling >>> (LLS) block checksum calculation is omitted when an OSPFv3 >>> authentication is used. The LLS block is included in the >>> authentication digest calculation and computation of a checksum >>> is unneccessary. Clarification of this issue was raised in an >>> errata. >>> >>> 2. Section 4.5 includes a correction to the key preparation to use >>> the protocol specific key (Ks) rather than the key (K) as the >>> initial key (Ko). This problem was also raised in an errata. >>> >>> 3. Section 4.5 also includes a discussion of the choice of key >>> length to be the hash length (L) rather than the block size (B). >>> The discussion of this choice was included to clarify an issue >>> raised in a rejected errata. >>> >>> 4. Section 4.1 indicates that sequence number checking is dependent >>> on OSPFv3 packet type in order to account for packet >>> prioritization as specified in [RFC4222]. This was an omission >>> from RFC 6506. >>> >>> >>> I would like to quickly move this to an OSPF WG document and begin >>> the review process. I'm now soliciting feedback on OSPF WG adoption. >>> >>> Thanks, >>> Acee >>> >>> >>> On May 9, 2013, at 1:43 PM, <internet-drafts@ietf.org> >>> wrote: >>> >>>> >>>> A new version of I-D, draft-acee-ospf-rfc6506bis-01.txt has been >>>> successfully submitted by Manav Bhatia and posted to the IETF >>>> repository. >>>> >>>> Filename: draft-acee-ospf-rfc6506bis >>>> Revision: 01 >>>> Title: Supporting Authentication Trailer for OSPFv3 >>>> Creation date: 2013-05-09 >>>> Group: Individual Submission >>>> Number of pages: 25 >>>> URL: >>>> http://www.ietf.org/internet-drafts/draft-acee-ospf-rfc6506bis-01.txt >>>> Status: >>>> http://datatracker.ietf.org/doc/draft-acee-ospf-rfc6506bis >>>> Htmlized: >>>> http://tools.ietf.org/html/draft-acee-ospf-rfc6506bis-01 >>>> Diff: >>>> http://www.ietf.org/rfcdiff?url2=draft-acee-ospf-rfc6506bis-01 >>>> >>>> Abstract: >>>> Currently, OSPF for IPv6 (OSPFv3) uses IPsec as the only mechanism >>>> for authenticating protocol packets. This behavior is different >>>> from >>>> authentication mechanisms present in other routing protocols >>>> (OSPFv2, >>>> Intermediate System to Intermediate System (IS-IS), RIP, and Routing >>>> Information Protocol Next Generation (RIPng)). In some >>>> environments, >>>> it has been found that IPsec is difficult to configure and maintain >>>> and thus cannot be used. This document defines an alternative >>>> mechanism to authenticate OSPFv3 protocol packets so that OSPFv3 >>>> does >>>> not only depend upon IPsec for authentication. This document >>>> obsoletes RFC 6506. >>>> >>>> >>>> >>>> >>>> The IETF Secretariat >>>> >>> >>> _______________________________________________ >>> OSPF mailing list >>> OSPF@ietf.org >>> https://www.ietf.org/mailman/listinfo/ospf >>> >> _______________________________________________ >> OSPF mailing list >> OSPF@ietf.org >> https://www.ietf.org/mailman/listinfo/ospf > > _______________________________________________ > OSPF mailing list > OSPF@ietf.org > https://www.ietf.org/mailman/listinfo/ospf
- Re: [OSPF] New Version Notification for draft-ace… Acee Lindem
- Re: [OSPF] New Version Notification for draft-ace… Michael Barnes
- Re: [OSPF] New Version Notification for draft-ace… Acee Lindem
- Re: [OSPF] New Version Notification for draft-ace… Marek Karasek (mkarasek)
- Re: [OSPF] New Version Notification for draft-ace… Acee Lindem
- Re: [OSPF] New Version Notification for draft-ace… Anton Smirnov
- Re: [OSPF] New Version Notification for draft-ace… Acee Lindem
- Re: [OSPF] New Version Notification for draft-ace… Acee Lindem
- Re: [OSPF] New Version Notification for draft-ace… Marek Karasek (mkarasek)
- Re: [OSPF] New Version Notification for draft-ace… Acee Lindem