Re: [OSPF] Security Extension for OSPFv2 when using Manual Key Management - draft-bhatia-karp-ospf-ip-layer-protection-03
Curtis Villamizar <curtis@occnc.com> Tue, 12 April 2011 02:58 UTC
To: Acee Lindem <acee.lindem@ericsson.com>
From: Curtis Villamizar <curtis@occnc.com>
In-reply-to: Your message of "Mon, 11 Apr 2011 13:18:08 EDT." <4B460FD5-4E9D-4ECF-8D7B-24137FBF9017@ericsson.com>
Date: Mon, 11 Apr 2011 22:58:16 -0400
Cc: OSPF WG List <ospf@ietf.org>, Sam Hartman <hartmans-ietf@mit.edu>

In message <4B460FD5-4E9D-4ECF-8D7B-24137FBF9017@ericsson.com>
Acee Lindem writes:
>
> There was general agreement that this should be a WG document at the
> meeting in Prague. Please indicate your position on making this draft
> a WG document with intended status Proposed Standard.
>
> Thanks,
> Acee

Yes I support making this a WG item.

One improvement and something pointed out in KARP is that
public/private key pairs are often used and have advantages over
shared keys.

One thing that can be done if a public/private key pair is used is
encrypt a session key for use during a session. Instead of a sequence
number or session ID, the key itself is exchanged. That is somewhat
similar to the way Kerberos makes use of a session key to encrypt as
little information as possible using the shared secret that is used to
get a TGT from the KDC.

This has an advantage that with a periodic change in the session key a
snooper with access to a lot of computing resource could still have
trouble breaking the session key before it changed. For most
applications of OSPF this won't matter. For some it might.

Curtis

And always remember - just because you are paranoid doesn't mean they
are not out to get you. :-)
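
The session-key idea in the message above, as an added Go sketch that is not part of the original message and not the mechanism of draft-bhatia-karp-ospf-ip-layer-protection. The choice of RSA-OAEP and HMAC-SHA-256, the label and all function names are assumptions made for illustration, and authenticating the sender of the wrapped key is not shown.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// wrapLabel is a constructed OAEP label, not a value from any draft.
var wrapLabel = []byte("example-ospf-session-key")

// NewRouterKey makes the receiving router's long-term key pair (hypothetical helper).
func NewRouterKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// WrapSessionKey draws a fresh 256-bit session key and encrypts it to the
// neighbor's public key, so the long-term key protects only these 32 bytes.
func WrapSessionKey(peer *rsa.PublicKey) (key, wrapped []byte, err error) {
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, peer, key, wrapLabel)
	return key, wrapped, err
}

// UnwrapSessionKey recovers the session key on the receiving router.
func UnwrapSessionKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, wrapLabel)
}

// Tag authenticates one packet under the current session key (HMAC-SHA-256).
func Tag(key, packet []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(packet)
	return m.Sum(nil)
}

// Verify checks a received tag in constant time.
func Verify(key, packet, tag []byte) bool { return hmac.Equal(Tag(key, packet), tag) }

func main() {
	priv, err := NewRouterKey()
	if err != nil {
		panic(err)
	}
	sent, wrapped, _ := WrapSessionKey(&priv.PublicKey)
	got, _ := UnwrapSessionKey(priv, wrapped)
	pkt := []byte("constructed OSPF Hello bytes") // constructed sample input
	fmt.Println("accepted under current key:", Verify(got, pkt, Tag(sent, pkt)))
	next, _, _ := WrapSessionKey(&priv.PublicKey) // periodic rekey
	fmt.Println("old tag accepted after rekey:", Verify(next, pkt, Tag(sent, pkt)))
}
```

Each rekey replaces the packet-authentication key, so a tag computed under a retired session key no longer verifies.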