Re: [OSPF] Revised OSPF HMAC SHA Authentication Draft
"Vishwas Manral" <vishwas.ietf@gmail.com> Mon, 28 August 2006 11:53 UTC
Date: Mon, 28 Aug 2006 15:48:56 +0530
From: Vishwas Manral <vishwas.ietf@gmail.com>
To: sujay <sujayg@huawei.com>
Subject: Re: [OSPF] Revised OSPF HMAC SHA Authentication Draft
Cc: ospf@ietf.org, paul@jakma.org, Mailing List <OSPF@peach.ease.lsoft.com>

Sujay,

I agree we can include that in the draft. The reason as well as the links to the draft.

Thanks,
Vishwas

On 8/24/06, sujay <sujayg@huawei.com> wrote:
> Agree,
> While a failed authentication could be basically due to configuration issues
> or
> Mismatched algo's. Where 'Configuration' can be changed, but a 'not supported
> algo'
> may need an Image upgrade. It's my guess image upgrade may not be
> thoroughly welcome.
> We do need a 'Must' support algo. clause.
>
> Vishwas ; would it be a nice idea to add a section in the current draft,
> talking about this issue
> and with cross reference to the below mentioned drafts??
>
>
> Regds,
> Sujay G
> My Location;
> http://maps.google.com/maps?ll=14.626109,76.959229&spn=4.724852,7.525085&t=h&hl=en
>
>
> This e-mail and attachments contain confidential information from HUAWEI,
> which is intended only for the person or entity whose address is listed
> above. Any use of the information contained herein in any way (including,
> but not limited to, total or partial disclosure, reproduction, or
> dissemination) by persons other than the intended recipient's) is
> prohibited. If you receive this e-mail in error, please notify the sender by
> phone or email immediately and delete it!
>
> -----Original Message-----
> From: Vishwas Manral [mailto:vishwas.ietf@gmail.com]
> Sent: Thursday, August 24, 2006 10:24 AM
> To: paul@jakma.org
> Cc: ospf@ietf.org; Mailing List
> Subject: Re: [OSPF] Revised OSPF HMAC SHA Authentication Draft
>
> Paul,
>
> > There is though value in defining "MUST support" algos, otherwise poor
> > users could be faced with having routers which all implement OSPF but
> > can be made to interoperate unless authentication is left
> > unconfigured.
>
> We have drafts to meet the following exact requirements:
> http://www.ietf.org/internet-drafts/draft-bhatia-manral-crypto-req-ospf-00.txt
> and
> http://www.ietf.org/internet-drafts/draft-bhatia-manral-crypto-req-isis-00.txt
>
> for OSPF and IS-IS respectively.
>
> Thanks,
> Vishwas
>
> On 8/24/06, Paul Jakma <paul@clubi.ie> wrote:
> > On Wed, 23 Aug 2006, Dave Katz wrote:
> >
> > > Sigh. C'mon, folks, there is no problem.
> >
> > > At the end of the day it doesn't matter if the value of 2 or 3 or
> > > 42 is used; if there's a mismatch on the algorithm ID, the
> > > algorithm, or the key, the authentication will fail, and if it all
> > > matches, it will work.
> >
> > Strongly concur.
> >
> > There is though value in defining "MUST support" algos, otherwise poor
> > users could be faced with having routers which all implement OSPF but
> > can be made to interoperate unless authentication is left
> > unconfigured.
> >
> > MD5 at least should be defined as a MUST support.
> >
> > (Despite the pre-image weaknesses, it's still not yet completely
> > insecure in MAC mode)
> >
> > regards,
> > --
> > Paul Jakma paul@clubi.ie paul@jakma.org Key ID: 64A2FF6A
> >
>
> _______________________________________________
> OSPF mailing list
> OSPF@ietf.org
> https://www1.ietf.org/mailman/listinfo/ospf
>
>

_______________________________________________
OSPF mailing list
OSPF@ietf.org
https://www1.ietf.org/mailman/listinfo/ospf
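
Added example, not part of the original message or of the drafts it cites: a small model of the two failure classes discussed in the thread, a mismatch that a configuration change fixes versus an algorithm the receiving image does not implement, and of how a shared "MUST support" algorithm guarantees a common choice. It assumes plain HMAC over constructed bytes rather than the OSPF wire format or the draft's exact construction; the `Router` class, algorithm names and keys are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Hypothetical algorithm names mapped to hash constructors (not IDs from the draft).
HASHES = {"md5": hashlib.md5, "sha1": hashlib.sha1, "sha256": hashlib.sha256}

@dataclass
class Router:
    name: str
    implemented: frozenset  # algorithms present in the software image
    key_id: int             # configured key identifier
    algo: str               # configured algorithm
    key: bytes              # configured shared secret

def sign(r, packet):
    """Sender side: return (key_id, digest) under the sender's configuration."""
    return r.key_id, hmac.new(r.key, packet, HASHES[r.algo]).digest()

def accepts(r, packet, key_id, digest):
    """Receiver side: a mismatch in key ID, algorithm or key all fail the same way."""
    if key_id != r.key_id:
        return False
    expected = hmac.new(r.key, packet, HASHES[r.algo]).digest()
    return hmac.compare_digest(expected, digest)

def remedy(sender, receiver):
    """Operator view: what it takes for receiver to accept sender's packets."""
    if sender.algo not in receiver.implemented:
        return "image upgrade"
    if (sender.key_id, sender.algo, sender.key) != (
            receiver.key_id, receiver.algo, receiver.key):
        return "configuration change"
    return "none"

def common_algorithms(routers):
    """Algorithms every router implements; empty means no authenticated interop."""
    return frozenset.intersection(*(r.implemented for r in routers))

# Constructed sample data.
PACKET = b"constructed OSPF hello bytes"
A = Router("A", frozenset({"md5", "sha1"}), 1, "sha1", b"k1")
B = Router("B", frozenset({"md5", "sha1"}), 1, "md5", b"k1")
C = Router("C", frozenset({"sha256"}), 1, "sha256", b"k1")
D = Router("D", frozenset({"md5", "sha256"}), 1, "sha256", b"k1")
```
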