Re: [OSPF] Revised OSPF HMAC SHA Authentication Draft

"Vishwas Manral" <vishwas.ietf@gmail.com> Mon, 28 August 2006 11:53 UTC

Message-ID: <77ead0ec0608280318p1b73e218v8bca87253ae30933@mail.gmail.com>
Date: Mon, 28 Aug 2006 15:48:56 +0530
From: Vishwas Manral <vishwas.ietf@gmail.com>
To: sujay <sujayg@huawei.com>
Subject: Re: [OSPF] Revised OSPF HMAC SHA Authentication Draft
In-Reply-To: <001601c6c73f$4c2d44a0$9207120a@china.huawei.com>
References: <77ead0ec0608232153j6eb2add0l42cbc084fe3c4ec3@mail.gmail.com> <001601c6c73f$4c2d44a0$9207120a@china.huawei.com>
Cc: ospf@ietf.org, paul@jakma.org, Mailing List <OSPF@peach.ease.lsoft.com>

Sujay,

I agree we can include that in the draft. The reason as well as the
links to the draft.

Thanks,
Vishwas

On 8/24/06, sujay <sujayg@huawei.com> wrote:
> Agree,
> While a failed authentication could be basically due to configuration issues
> or mismatched algos. Where 'Configuration' can be changed, but a 'not supported
> algo' may need an image upgrade. It's my guess image upgrade may not be
> thoroughly welcome.
> We do need a 'Must' support algo clause.
>
> Vishwas, would it be a nice idea to add a section in the current draft,
> talking about this issue
> and with cross-references to the below-mentioned drafts?
>
>
> Regds,
> Sujay G
>
> -----Original Message-----
> From: Vishwas Manral [mailto:vishwas.ietf@gmail.com]
> Sent: Thursday, August 24, 2006 10:24 AM
> To: paul@jakma.org
> Cc: ospf@ietf.org; Mailing List
> Subject: Re: [OSPF] Revised OSPF HMAC SHA Authentication Draft
>
> Paul,
>
> > There is though value in defining "MUST support" algos, otherwise poor
> > users could be faced with having routers which all implement OSPF but
> > can be made to interoperate unless authentication is left
> > unconfigured.
> We have drafts to meet the following exact requirements:
> http://www.ietf.org/internet-drafts/draft-bhatia-manral-crypto-req-ospf-00.txt
> and
> http://www.ietf.org/internet-drafts/draft-bhatia-manral-crypto-req-isis-00.txt
>
> for OSPF and IS-IS respectively.
>
> Thanks,
> Vishwas
>
> On 8/24/06, Paul Jakma <paul@clubi.ie> wrote:
> > On Wed, 23 Aug 2006, Dave Katz wrote:
> >
> > > Sigh.  C'mon, folks, there is no problem.
> >
> > > At the end of the day it doesn't matter if the value of 2 or 3 or
> > > 42 is used; if there's a mismatch on the algorithm ID, the
> > > algorithm, or the key, the authentication will fail, and if it all
> > > matches, it will work.
> >
> > Strongly concur.
> >
> > There is though value in defining "MUST support" algos, otherwise poor
> > users could be faced with having routers which all implement OSPF but
> > can be made to interoperate unless authentication is left
> > unconfigured.
> >
> > MD5 at least should be defined as a MUST support.
> >
> > (Despite the pre-image weaknesses, it's still not yet completely
> >   insecure in MAC mode)
> >
> > regards,
> > --
> > Paul Jakma      paul@clubi.ie   paul@jakma.org  Key ID: 64A2FF6A
>
> _______________________________________________
> OSPF mailing list
> OSPF@ietf.org
> https://www1.ietf.org/mailman/listinfo/ospf
>
>

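The interoperability point debated in this thread can be modelled in a few lines. The sketch below is an added example, not part of any message in the thread and not code from the drafts: the `Router` class, the algorithm IDs 1 to 3 and the packet tuple are constructed for illustration and do not reflect OSPF code points or wire format.

```python
import hashlib
import hmac

# Algorithm IDs are constructed for this sketch; they are not OSPF code points.
ALGOS = {1: hashlib.md5, 2: hashlib.sha1, 3: hashlib.sha256}


class Router:
    def __init__(self, name, implemented):
        self.name = name
        self.implemented = set(implemented)  # fixed by the software image
        self.algo_id, self.key = None, b""   # set later by the operator

    def configure(self, algo_id, key):
        """Return False when the image lacks the algorithm (upgrade needed)."""
        if algo_id not in self.implemented:
            return False
        self.algo_id, self.key = algo_id, key
        return True

    def sign(self, payload):
        tag = hmac.new(self.key, payload, ALGOS[self.algo_id]).digest()
        return self.algo_id, payload, tag

    def verify(self, packet):
        algo_id, payload, tag = packet
        if algo_id != self.algo_id:          # algorithm ID mismatch
            return False
        expected = hmac.new(self.key, payload, ALGOS[algo_id]).digest()
        return hmac.compare_digest(expected, tag)  # fails on key mismatch


def common_algos(routers):
    """Algorithms every router implements; empty means no authenticated interop."""
    return set.intersection(*(r.implemented for r in routers))


def demo():
    a, b, c = Router("A", {1, 3}), Router("B", {1, 2}), Router("C", {2})
    a.configure(1, b"k1")
    b.configure(1, b"k1")
    ok = b.verify(a.sign(b"hello"))          # everything matches
    b.configure(1, b"other")
    bad_key = b.verify(a.sign(b"hello"))     # same algorithm, different key
    b.configure(2, b"k1")
    bad_algo = b.verify(a.sign(b"hello"))    # same key, different algorithm
    upgrade_needed = not c.configure(1, b"k1")
    return (ok, bad_key, bad_algo, upgrade_needed,
            common_algos([a, b]), common_algos([a, b, c]))
```

Routers A and B share one algorithm and can authenticate once configured alike; adding C leaves the common set empty, which is the situation a "MUST support" clause rules out.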