[OSPF] Gen-ART review of draft-ietf-ospf-hmac-sha-05
Acee Lindem <acee@redback.com> Mon, 20 July 2009 15:20 UTC
Return-Path: <prvs=445b6b203=acee@redback.com>
X-Original-To: ospf@core3.amsl.com
Delivered-To: ospf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 273DC3A6BD6 for <ospf@core3.amsl.com>; Mon, 20 Jul 2009 08:20:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5vnh13cbdsLF for <ospf@core3.amsl.com>; Mon, 20 Jul 2009 08:20:05 -0700 (PDT)
Received: from mgate.redback.com (mgate.redback.com [155.53.3.41]) by core3.amsl.com (Postfix) with ESMTP id 55B203A6856 for <ospf@ietf.org>; Mon, 20 Jul 2009 08:20:05 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.43,235,1246863600"; d="scan'208";a="3683725"
Received: from prattle.redback.com ([155.53.12.9]) by mgate.redback.com with ESMTP; 20 Jul 2009 08:20:05 -0700
Received: from localhost (localhost [127.0.0.1]) by prattle.redback.com (Postfix) with ESMTP id A0756356327 for <ospf@ietf.org>; Mon, 20 Jul 2009 08:20:05 -0700 (PDT)
Received: from prattle.redback.com ([127.0.0.1]) by localhost (prattle [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02217-08 for <ospf@ietf.org>; Mon, 20 Jul 2009 08:20:05 -0700 (PDT)
Received: from [IPv6???1] (svilogin-1.sj.us.am.ericsson.se [155.53.154.39]) by prattle.redback.com (Postfix) with ESMTP id 56C67356326 for <ospf@ietf.org>; Mon, 20 Jul 2009 08:20:05 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v753.1)
Content-Transfer-Encoding: 7bit
Message-Id: <F852D396-3800-4719-8FBB-AE40C572D67B@redback.com>
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
To: OSPF List <ospf@ietf.org>
From: Acee Lindem <acee@redback.com>
Date: Mon, 20 Jul 2009 11:20:04 -0400
X-Mailer: Apple Mail (2.753.1)
Subject: [OSPF] Gen-ART review of draft-ietf-ospf-hmac-sha-05
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ospf>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jul 2009 15:20:53 -0000
David Black's General Area Review Team (Gen-ART) comments on draft- ietf-ospf-hmac-sha-05.txt are attached: I have been selected as the General Area Review Team (Gen-ART) reviewer for this draft (for background on Gen-ART, please see http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html). Please resolve these comments along with any other Last Call comments you may receive. Document: draft-ietf-ospf-hmac-sha-05 Reviewer: David L. Black Review Date: July 20, 2009 IETF LC End Date: July 20, 2009 Summary: This draft is basically ready for publication, but has nits that should be fixed before publication. Comments: This draft extends OSPFv2 cryptographic authentication to use keyed HMACs based on the NIST secure hash standard family of hashes (SHA-*). The draft is solidly written, and is a reasonably straightforward application of HMAC and the SHA-* hashes to OSPFv2. The draft is in good shape - all of my comments are minor. I wonder whether the "SHOULD" requirement for implementation in Section 3 ought to include HMAC-SHA-224 and HMAC-SHA-384. I would have stated requirements for these two hashes as "MAY" in order to encourage use of either HMAC-SHA-256 or HMAC-SHA-512 when HMAC-SHA-1 is insufficient, but this is a judgment call. To avoid confusion, this is a request that the authors think about this topic; it is *not* a comment that the requirement needs to be changed. If the authors believe that the current "SHOULD" requirements for these two hashes are the right approach, that is acceptable to me. In Section 3.2, it would be useful for the draft to say that an OSPFv2 Security Association is not set up inband via OSPFv2, in contrast to an IPsec Security Association created via IKE. Among the reasons that this should be done is that the term "OSPFv2 Security Association" is introduced in this draft - that term does not occur in RFC 2328, even though Section D.3 of RFC 2328 defines an abstraction for which "OSPFv2 Security Association" is an appropriate name. I recommend stating that this term is new to this draft. The mention of IP Security in the next to last paragraph of the Security Considerations (section 4) should cite an informative reference, RFC 4301 would be appropriate. idnits 2.11.12 did not find any issues. Thanks, --David ---------------------------------------------------- David L. Black, Distinguished Engineer EMC Corporation, 176 South St., Hopkinton, MA 01748 +1 (508) 293-7953 FAX: +1 (508) 293-7786 black_david@emc.com Mobile: +1 (978) 394-7754 ----------------------------------------------------
- [OSPF] Gen-ART review of draft-ietf-ospf-hmac-sha… Acee Lindem
- Re: [OSPF] Gen-ART review of draft-ietf-ospf-hmac… Bhatia, Manav (Manav)
- [OSPF] FW: Gen-ART review of draft-ietf-ospf-hmac… Acee Lindem
- Re: [OSPF] Gen-ART review of draft-ietf-ospf-hmac… Acee Lindem