RE: [OSPF] Revised OSPF HMAC SHA Authentication Draft

Manav Bhatia <manav_bhatia06@yahoo.co.uk> Wed, 23 August 2006 09:50 UTC


Sujay,
 
OSPF can make use of various cryptographic algorithms in order to authenticate its packets. Your concern is wrt interoperability between disparate implementations where a particular implementation may not implement some certain mandatory-to-implement algorithms. To ensure this doesn’t happen, it is necessary to specify a set of mandatory-to-implement algorithms so that there is at least one algorithm that all implementations will have available. 
 
We cannot assume this mandatory-to-implement algorithm to be MD5, as this has been broken. MD5CRK was a distributed computing project to break the MD5 hash algorithm in a short period of time. The project closed down with the publication of their paper by Wang, X. et al., "Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD", August 2004, http://eprint.iacr.org/2004/199

draft-bhatia-manral-crypto-req-ospf-00.txt defines the current set of mandatory-to-implement algorithms that can be used for the cryptographic authentication for OSPF as well as specifies the algorithms that should/must be implemented because they may get promoted to mandatory at some future time. 
 
http://tools.ietf.org/wg/ospf/draft-bhatia-manral-crypto-req-ospf-00.txt
 
Cheers,
Manav 
________________________________
 From: sujay [mailto:sujayg@huawei.com] 
 Sent: Wednesday, August 23, 2006 2:36 PM
 To: 'Manav Bhatia'
 Cc: 'Mailing List'; ospf@ietf.org
 Subject: RE: [OSPF] Revised OSPF HMAC SHA Authentication Draft
 
 
 Yes,
 If an authentication fails it could mean the algos used are different.
 And if one implementation supports MD5 alone ("which I believe is commonly used!"), the others
 support otherwise, it could be a problem; there is no explicit way we are conveying which algo is being used.
 The Au Type = 2 is overloaded.
 Now a "MUST" clause is for the WG to decide.
 Regds,
 Sujay G
 My Location;
 http://maps.google.com/maps?ll=14.626109,76.959229&spn=4.724852,7.525085&t=h&hl=en
 
--
Lucent Technologies
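
Added example (not part of the original messages or of either draft): a simplified Python model of the interoperability concern raised in this thread. With AuType 2 the header carries only a Key ID and a digest length, so the receiver takes the algorithm from its local key configuration, and an algorithm mismatch is reported exactly like a wrong key. The packet contents, key values, function names and the use of plain HMAC over the packet are assumptions for illustration, not the exact digest construction of RFC 2328 or of the HMAC SHA draft.

```python
import hashlib
import hmac
import struct

AUTYPE_CRYPTO = 2        # one AuType value covers every cryptographic algorithm
HDR = "!BBHIIHHHBBI"     # 24-byte OSPFv2 header with the cryptographic auth field

def build_packet(body, key_id, key, algo, seq=1):
    """Constructed packet: header, body, then the digest appended after it."""
    digest_len = hashlib.new(algo).digest_size
    # Version, Type, Length, Router ID, Area ID, Checksum (0), AuType,
    # then the auth field: 0, Key ID, Auth Data Len, sequence number.
    header = struct.pack(HDR, 2, 1, 24 + len(body), 0x01010101, 0,
                         0, AUTYPE_CRYPTO, 0, key_id, digest_len, seq)
    packet = header + body
    # Assumption: plain HMAC over header+body stands in for the real digest.
    return packet + hmac.new(key, packet, algo).digest()

def verify(packet, keyring):
    """Check the digest with the algorithm the LOCAL keyring binds to the Key ID."""
    fields = struct.unpack(HDR, packet[:24])
    length, autype, key_id, auth_len = fields[2], fields[6], fields[8], fields[9]
    if autype != AUTYPE_CRYPTO:
        return "not cryptographic authentication"
    if key_id not in keyring:
        return "unknown key id"
    key, algo = keyring[key_id]   # nothing in the packet names the algorithm
    received = packet[length:length + auth_len]
    expected = hmac.new(key, packet[:length], algo).digest()
    if not hmac.compare_digest(received, expected):
        return "authentication failed"
    return "ok"

def demo():
    """Three receivers see the same packet sent with Key ID 1 and HMAC-SHA-1."""
    key = b"constructed-shared-key"            # constructed sample value
    pkt = build_packet(b"hello-body", 1, key, "sha1")
    return {
        "same_algo": verify(pkt, {1: (key, "sha1")}),
        "md5_only_peer": verify(pkt, {1: (key, "md5")}),
        "wrong_key": verify(pkt, {1: (b"other-key", "sha1")}),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The MD5-only peer and the wrong-key peer produce the same result, which is why an agreed mandatory-to-implement set matters for interoperability.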
 
 
 
