Re: draft-ietf-ospf-ospfv3-auth-06.txt Ready for IESG review

Mukesh Gupta <Mukesh.K.Gupta@NOKIA.COM> Mon, 10 January 2005 05:49 UTC

Message-ID: <8D260779A766FB4A9C1739A476F84FA401F79BB1@daebe009.americas.nokia.com>
Date: Sun, 09 Jan 2005 23:47:28 -0600
Reply-To: Mailing List <OSPF@PEACH.EASE.LSOFT.COM>
Sender: Mailing List <OSPF@PEACH.EASE.LSOFT.COM>
From: Mukesh Gupta <Mukesh.K.Gupta@NOKIA.COM>
Subject: Re: draft-ietf-ospf-ospfv3-auth-06.txt Ready for IESG review
To: OSPF@PEACH.EASE.LSOFT.COM

Vishwas,

Comments inline :)

> Would it make more sense if we change the text "NULL encryption" 
> to "NULL encryption (for ESP) or no encryption (for AH)" ?
> VM> OK.

Ok.  We have consensus on one thing :)  We will take care of this
in the next rev.

> > VM> I still don't see a reason why we should talk about DES at all.
> I still don't understand why we can't use DES as an example of a weak
> encryption algorithm.  
> I would like to hear others' opinion about this ?  Acee?
> VM> I think examples should not be given of protocols which are on the
> "SHOULD NOT" list of IETF/NIST.

I still don't quite agree with you here.  Let's hear from others
on this !  Acee, what is your opinion on this ?

> VM> Yes, however I think we should be specifying a default 
> algorithm for
> OSPF(or are you saying you are not specifying any algorithms instead
> just directly pointing to the ESP/AH algorithms document).

I will cover this in a separate mail.  I am frankly quite
confused about what we want here :)

> We do refer to the vulnerabilities draft after the brief discussion
> of the replay vulnerabilities..  So are you ok with putting the
> text proposed above and then referring to the vulnerabilities draft ?
> VM> As long as you put the text for the DoS case too, I am 
> ok. Else let us directly point to the vulnerabilities draft without 
> mentioning cases.

Another try on the text :)  How about the following + the already
existing text that refers to the vulnerability draft ?
===
"Replaying these types of packets can make the router spend some
resources.  Also, when the OSPF adjacency is not FULL, replaying
database description packets can cause disruption in forming the
adjacency, which can lead to a DoS attack on the network."
===

> VM> As Suresh rightly said ESN does not make sense with manual keying.
> So it is not about ESN alone. DSCP was one example I had pointed out
> too.

Would you be kind enough to propose some specific text and the place
in the draft where it should be added ?

> Thanks and sorry for bothering you,

You are not bothering us !  Thanks to you for reviewing the draft 
so many times and spending so much time on the issues.  We appreciate 
it !

Regards
Mukesh
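The two points argued in this message, that replayed OSPFv3 packets can disrupt adjacency formation and that ESN (and anti-replay generally) does not fit manual keying, can be shown with a small model. The following is an added example, not text or code from the draft or from anyone in this thread. It implements the sliding anti-replay window that RFC 4303 describes for ESP and AH receivers, with a 32-bit sequence number and no ESN, and then runs a constructed scenario: a sender emits packets 1..100 over a manually keyed SA, an attacker replays one, and the sender reboots and restarts its counter at 1 because the manually configured SA (and its counter) is never renegotiated. The window size, the sequence numbers and the reboot are assumptions chosen for the demonstration.

```python
"""Model of the IPsec sliding anti-replay window (RFC 4303 section 3.4.3 style).

Added example for the OSPFv3/IPsec replay discussion; constructed scenario,
not the draft's text and not code from any implementation.
"""

SEQ_MAX = 2**32 - 1   # 32-bit sequence number: no Extended Sequence Numbers


class AntiReplayWindow:
    """Receiver-side anti-replay state for one SA.

    `top` is the highest sequence number accepted so far; bit i of `bitmap`
    is set when sequence number (top - i) has already been accepted.
    """

    def __init__(self, window_size=64):
        self.window_size = window_size
        self.top = 0
        self.bitmap = 0

    def accept(self, seq):
        """Return True and record `seq` if it is new and inside the window."""
        if seq == 0 or seq > SEQ_MAX:
            return False                      # 0 is never a valid ESP/AH sequence number
        if seq > self.top:
            shift = seq - self.top            # window slides forward
            if shift < self.window_size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window_size) - 1)
            else:
                self.bitmap = 1               # jumped past the whole window
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.window_size:
            return False                      # older than the window: reject
        if self.bitmap & (1 << diff):
            return False                      # already seen: replay
        self.bitmap |= 1 << diff              # late but new: accept
        return True


class ManualKeySender:
    """Sender counter for a manually keyed SA: no rekey, so no counter reset
    except by a restart of the sending router, and no rollover allowed."""

    def __init__(self):
        self.counter = 0

    def next_seq(self):
        if self.counter == SEQ_MAX:
            # Without rekeying there is no way to continue on this SA.
            raise RuntimeError("sequence number exhausted; SA must be replaced")
        self.counter += 1
        return self.counter

    def reboot(self):
        self.counter = 0                      # counter state is lost on restart


def simulate_manual_keying(packets_before_reboot=100, packets_after_reboot=3):
    """Constructed scenario: normal traffic, one replay, then a sender reboot.

    Returns a dict describing what the receiver did with each kind of packet.
    """
    receiver = AntiReplayWindow()
    sender = ManualKeySender()

    accepted_before = sum(receiver.accept(sender.next_seq())
                          for _ in range(packets_before_reboot))

    # Attacker replays a captured packet from inside the window (seq 50)
    # and one from before the window (seq 20): both must be rejected.
    replay_in_window = receiver.accept(50)
    replay_too_old = receiver.accept(20)

    # Router restarts; the SA is manual, so its counter restarts at 1 while the
    # receiver still believes `top` is 100. The restarted router's genuine
    # packets now look like replays and are dropped.
    sender.reboot()
    accepted_after = sum(receiver.accept(sender.next_seq())
                         for _ in range(packets_after_reboot))

    return {
        "accepted_before_reboot": accepted_before,
        "replay_in_window_accepted": replay_in_window,
        "replay_too_old_accepted": replay_too_old,
        "accepted_after_reboot": accepted_after,
    }


if __name__ == "__main__":
    print(simulate_manual_keying())
```

The run shows both sides of the argument in the thread: with the window enabled, replayed packets are caught, but a manually keyed SA cannot survive a counter restart, so the restarted router's genuine Hello and Database Description packets are dropped and the adjacency cannot form. That is why anti-replay (and ESN, which only extends the counter) is not used with manual keying, and why a replayed Database Description packet has to be considered a DoS case in the draft rather than something IPsec removes.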