IETF Logo Mail Archive

Re: [OSPF] Revised OSPF HMAC SHA Authentication Draft

Manav Bhatia <manav_bhatia06@yahoo.co.uk> Mon, 21 August 2006 14:28 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GFAlO-0007u9-8L; Mon, 21 Aug 2006 10:28:26 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GFAlN-0007pm-2k for ospf@ietf.org; Mon, 21 Aug 2006 10:28:25 -0400
Received: from web25406.mail.ukl.yahoo.com ([217.12.10.140]) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1GFAfY-0005zL-4Z for ospf@ietf.org; Mon, 21 Aug 2006 10:22:25 -0400
Received: (qmail 63914 invoked by uid 60001); 21 Aug 2006 14:22:21 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.co.uk; h=Message-ID:Received:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=SIl/RgOhH+4ucXwC7FEfUrWBFhowrkYYwxyLQlgu9RX7WizBS+bUJe2ARH6zmTAJnNr4TD1LRdSpAMIz/3P1vnqw0NHIWhDeTsJ0LMe9vYOGZ64apycnyUce87fYn+q/O5WKGt6poYvTY4+bYUNlxTiLBeX5NmNiXpmib1knioQ= ;
Message-ID: <20060821142220.63912.qmail@web25406.mail.ukl.yahoo.com>
Received: from [202.144.106.189] by web25406.mail.ukl.yahoo.com via HTTP; Mon, 21 Aug 2006 14:22:20 GMT
Date: Mon, 21 Aug 2006 14:22:20 +0000
From: Manav Bhatia <manav_bhatia06@yahoo.co.uk>
Subject: Re: [OSPF] Revised OSPF HMAC SHA Authentication Draft
To: Tom Sanders <toms.sanders@gmail.com>, ospf@ietf.org
In-Reply-To: <6ed23a860608210420h19486857i748aa01cf65a91c9@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 0.9 (/)
X-Scan-Signature: 9ed51c9d1356100bce94f1ae4ec616a9
Cc:
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Manav Bhatia <manav_bhatia06@yahoo.co.uk>
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/ospf>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
Errors-To: ospf-bounces@ietf.org

Hi Tom,
 
[..] 
 
> What i miserably fail to understand is the reluctance in the WG to use
> a new authentication type. We have 16 bits reserved for this field and
> i dont see this being used up any time in the coming future.
> 
> Explictly indicating the auth algo details in the header makes, in my
> view, debugging extremely easy. I understand that we would be eating
> up type codes that we would have to fill in the OSPF header each time
> we come up with a new authentication algorithm but given the size of
> this field i dont think its a point of concern.
> 
> The poll should be on whether we should proceed as-is in the draft or
> should we use a new type field for each new authentication scheme that
> we come out with?
 
We dont need to use a new auth type value for each new authentication scheme that comes up in the future.
 
One can define a new generic auth type 3, which would carry the authentication algorithm details in addition to the Key ID, auth data length and the crypto sequence number. The authentication data for type auth type 3 would be the same as type 2, except that the reserved bytes would get replaced with the authentication algorithm ID.
 
However, i dont think this is required.
 
Cheers,
Manav

>> On 20/08/06, Phil Cowburn <phil.cowburn@gmail.com> wrote:
>>
>> I strongly agree with Manav here and an implementation must be able to
>> demultiplex using the Key ID in the incoming packet. It is afterall
>> for this very reason that we put the Key ID in the packet.
>>
>> Erblichs point, as i read it is, that most implementations (if not
>> all) currently take type 2 to mean MD5. This may break once this draft
>> becomes a standard, which it would, in some time.
>>
>> My take on this is that even if the WG agrees to Erblichs solution and
>> introduces a new type, say 3 for HMAC-SHA-1 authentication, then
>> somebody else could repeat the same argument and clamour for a new
>> type when we're introducing newer authentication algorithms in the
>> future.
>>

_______________________________________________
OSPF mailing list
OSPF@ietf.org
https://www1.ietf.org/mailman/listinfo/ospf

v2.23.0 | Report a Bug | By Email