Re: [OSPF] OSPFv3 Authentication Trailer (AT) Draft WG Last Call

Acee Lindem <acee.lindem@ericsson.com> Tue, 10 May 2011 00:56 UTC

From: Acee Lindem <acee.lindem@ericsson.com>
To: Alan Davey <Alan.Davey@metaswitch.com>
Date: Mon, 09 May 2011 20:52:18 -0400
Cc: OSPF List <ospf@ietf.org>, Vishwas Manral <vishwas@ipinfusion.com>
Subject: Re: [OSPF] OSPFv3 Authentication Trailer (AT) Draft WG Last Call

Hi Alan,
The authors agree - in the next revision, the Auth Data Length will include the length of the entire Authentication Trailer. 
Thanks,
Acee 
On May 9, 2011, at 5:51 AM, Alan Davey wrote:

> Folks
> 
> One minor point on the draft; it is not clear to me if the Auth Data Len field is the inclusive length of the entire authentication trailer, or just the length of the Authentication Data.
> 
> I think that the inclusive length of the authentication trailer is preferable.  
> 
> Either way, the text in section 4.1 could be made specific by changing "message digest" to "authentication trailer" or "Authentication Data".
> 
> Regards
> Alan Davey
> 
> Network Technologies Division
> Metaswitch Networks
> alan.davey@metaswitch.com
> +44 (0) 20 8366 1177
> www.metaswitch.com
> 
> 
> 
> 
> -----Original Message-----
> From: ospf-bounces@ietf.org [mailto:ospf-bounces@ietf.org] On Behalf Of Acee Lindem
> Sent: 05 May 2011 13:35
> To: OSPF List
> Cc: Vishwas Manral
> Subject: [OSPF] OSPFv3 Authentication Trailer (AT) Draft WG Last Call
> 
> All, 
> 
> We will make these editorial changes as part of the WG last call ending on May 9. We will not issue an 05 version of the draft until the WG last period has ended. Please review the document by May 9th, if you intend to do so. 
> 
> 
> Clarification: 
> 
> ***************
> *** 308,314 ****
>    Trailer is very similar to how it is done in case of [RFC2328].  The
>    only difference between the OSPFv2 authentication trailer and the
>    OSPFv3 authentication trailer is that information in addition to the
> !    message digest is included.
> 
>    Consistent with OSPFv2 cryptographic authentication [RFC2328], both
>    OSPFv3 header checksum calculation and verification are omitted when
> --- 308,317 ----
>    Trailer is very similar to how it is done in case of [RFC2328].  The
>    only difference between the OSPFv2 authentication trailer and the
>    OSPFv3 authentication trailer is that information in addition to the
> !    message digest is included.  The additional information in the OSPFv3
> !    Authentication Trailer is included in the message digest computation
> !    and, therefore, protected by OSPFv3 cryptographic authentication as
> !    described herein.
> 
>    Consistent with OSPFv2 cryptographic authentication [RFC2328], both
>    OSPFv3 header checksum calculation and verification are omitted when
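Review bot: The sentence added at new lines 311-314 says "the additional information" is covered by the digest computation but never says which trailer fields that is, and it keeps the term "message digest" while the First Hash text in this same set of changes calls the field "Authentication Data". Suggest naming the fields, or pointing to the section that defines the trailer layout, and using one term for the digest field throughout. That would also settle the "message digest" wording question Alan raises for section 4.1.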
> ***************
> 
> 
> Correction: 
> 
> ***************
> *** 623,631 ****
> 
>    2.  First Hash
> 
> !        First, the OSPFv3 packet's Authentication Trailer (which is very
> !        similar to the appendage described in RFC 2328, Section D.4.3,
> !        Page 233, items(6)(a) and (6)(d)) is filled with the value Apad.
> 
>        Then, a First-Hash, also known as the inner hash, is computed as
>        follows:
> --- 623,632 ----
> 
>    2.  First Hash
> 
> !        First, the OSPFv3 packet's Authentication Data field in the
> !        Authentication Trailer (which is very similar to the appendage
> !        described in RFC 2328, Section D.4.3, Page 233, items(6)(a) and
> !        (6)(d)) is filled with the value Apad.
> 
>        Then, a First-Hash, also known as the inner hash, is computed as
>        follows:
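Review bot: In the reworded first sentence of step 2, the parenthetical comparing to the RFC 2328 appendage now follows "Authentication Trailer", so it reads as describing the whole trailer even though the change narrows the Apad fill to the Authentication Data field. Suggest restructuring the sentence so it is unambiguous which of the two the RFC 2328 comparison applies to, and saying explicitly that the remaining trailer fields keep their transmitted values when the First-Hash is computed. Minor: "items(6)(a)" is missing a space.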
> ***************
> *** 635,643 ****
>        Implementation Notes:
> 
>           Note that the First-Hash above includes the Authentication
> !           Trailer containing the Apad value, as well as the OSPFv3
> !           packet, as per RFC 2328, Section D.4.3 and, if present, the
> !           LLS block[RFC5613].
> 
>        The definition of Apad (above) ensures it is always the same
>        length as the hash output.  This is consistent with RFC 2328.
> --- 636,643 ----
>        Implementation Notes:
> 
>           Note that the First-Hash above includes the Authentication
> !           Trailer, as well as the OSPFv3 packet, as per RFC 2328,
> !           Section D.4.3 and, if present, the LLS block[RFC5613].
> 
>        The definition of Apad (above) ensures it is always the same
>        length as the hash output.  This is consistent with RFC 2328.
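Review bot: Dropping "containing the Apad value" from the implementation note removes the reminder, within the note itself, that the Authentication Data field holds Apad while the First-Hash is computed; someone reading the note on its own could hash the trailer with that field in some other state. Suggest "includes the Authentication Trailer, with its Authentication Data field set to Apad, as well as the OSPFv3 packet". Minor: "LLS block[RFC5613]" needs a space before the citation.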
> ***************
> 
> Thanks,
> Acee
> _______________________________________________
> OSPF mailing list
> OSPF@ietf.org
> https://www.ietf.org/mailman/listinfo/ospf