Re: [OSPF] Revised OSPF HMAC SHA Authentication Draft

"Vishwas Manral" <vishwas.ietf@gmail.com> Thu, 24 August 2006 04:53 UTC

Message-ID: <77ead0ec0608232153j6eb2add0l42cbc084fe3c4ec3@mail.gmail.com>
Date: Thu, 24 Aug 2006 10:23:35 +0530
From: Vishwas Manral <vishwas.ietf@gmail.com>
To: paul@jakma.org
Subject: Re: [OSPF] Revised OSPF HMAC SHA Authentication Draft
In-Reply-To: <Pine.LNX.4.64.0608240503170.7725@sheen.jakma.org>
References: <003801c6c693$6b286760$9207120a@china.huawei.com> <43DD6866-31C7-439A-A140-6BD2C0DE6B82@juniper.net> <Pine.LNX.4.64.0608240503170.7725@sheen.jakma.org>
Cc: ospf@ietf.org, Mailing List <OSPF@peach.ease.lsoft.com>

Paul,

> There is though value in defining "MUST support" algos, otherwise
> poor users could be faced with having routers which all implement
> OSPF but can be made to interoperate unless authentication is left
> unconfigured.
We have drafts to meet the following exact requirements:
http://www.ietf.org/internet-drafts/draft-bhatia-manral-crypto-req-ospf-00.txt
and
http://www.ietf.org/internet-drafts/draft-bhatia-manral-crypto-req-isis-00.txt
for OSPF and IS-IS respectively.

Thanks,
Vishwas

On 8/24/06, Paul Jakma <paul@clubi.ie> wrote:
> On Wed, 23 Aug 2006, Dave Katz wrote:
>
> > Sigh.  C'mon, folks, there is no problem.
>
> > At the end of the day it doesn't matter if the value of 2 or 3 or
> > 42 is used; if there's a mismatch on the algorithm ID, the
> > algorithm, or the key, the authentication will fail, and if it all
> > matches, it will work.
>
> Strongly concur.
>
> There is though value in defining "MUST support" algos, otherwise
> poor users could be faced with having routers which all implement
> OSPF but can be made to interoperate unless authentication is left
> unconfigured.
>
> MD5 at least should be defined as a MUST support.
>
> (Despite the pre-image weaknesses, it's still not yet completely
> insecure in MAC mode)
>
> regards,
> --
> Paul Jakma      paul@clubi.ie   paul@jakma.org  Key ID: 64A2FF6A
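The point Dave Katz and Paul make above (a mismatch on the algorithm ID, the algorithm or the key makes authentication fail, and the numeric ID is arbitrary as long as both sides agree on it) as an added Python example; this is not code from the thread or from the draft, and the algorithm-ID table, the packet bytes, the key and the trailer layout are all constructed for illustration rather than the draft's wire format.

```python
import hmac
import struct

# Constructed algorithm-ID table for this example (the numbers are not the
# draft's): all that matters is that sender and receiver use the same table.
ALGORITHMS = {1: "md5", 2: "sha1", 3: "sha256"}

# Constructed OSPFv2-style header bytes (version 2, type 1 Hello, length 24,
# router ID 10.0.0.1, area 0.0.0.0) standing in for a real packet.
PACKET = struct.pack("!BBH4s4s", 2, 1, 24, bytes([10, 0, 0, 1]), bytes(4)) + bytes(8)


def compute_mac(key, key_id, alg_id, packet, alg_table=ALGORITHMS):
    """HMAC over key ID, algorithm ID and packet, so a mismatch on any of them
    changes the expected digest. (Hypothetical layout, not the draft's.)"""
    digest_name = alg_table[alg_id]
    prefix = struct.pack("!BBH", key_id, alg_id, len(packet))
    return hmac.new(key, prefix + packet, digest_name).digest()


def sign(key, key_id, alg_id, packet, alg_table=ALGORITHMS):
    """Return prefix || packet || digest, the constructed on-the-wire form."""
    prefix = struct.pack("!BBH", key_id, alg_id, len(packet))
    return prefix + packet + compute_mac(key, key_id, alg_id, packet, alg_table)


def verify(keyring, message, alg_table=ALGORITHMS):
    """keyring maps key ID -> (algorithm ID, key). True only when the key ID is
    known, the algorithm ID matches what is configured for that key, and the
    digest recomputed with that key equals the received one."""
    if len(message) < 4:
        return False
    key_id, alg_id, plen = struct.unpack("!BBH", message[:4])
    packet, received = message[4:4 + plen], message[4 + plen:]
    if key_id not in keyring or len(packet) != plen:
        return False
    expected_alg, key = keyring[key_id]
    if alg_id != expected_alg or alg_id not in alg_table:
        return False
    expected = compute_mac(key, key_id, alg_id, packet, alg_table)
    # Constant-time comparison; a length mismatch also yields False.
    return hmac.compare_digest(received, expected)
```

Swapping the table for `{42: "sha256"}` on both ends works just as well, which is the "2 or 3 or 42" point; only a receiver whose table lacks the ID rejects the packet.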

_______________________________________________
OSPF mailing list
OSPF@ietf.org
https://www1.ietf.org/mailman/listinfo/ospf