[OSPF] OSPFv3 Authentication Trailer (AT) Draft WG Last Call

Acee Lindem <acee@lindem.com> Thu, 05 May 2011 12:34 UTC

From: Acee Lindem <acee@lindem.com>
Date: Thu, 5 May 2011 08:34:50 -0400
To: OSPF List <ospf@ietf.org>
Cc: Vishwas Manral <vishwas@ipinfusion.com>
Subject: [OSPF] OSPFv3 Authentication Trailer (AT) Draft WG Last Call

All, 

We will make these editorial changes as part of the WG last call ending on May 9. We will not issue an 05 version of the draft until the WG last call period has ended. Please review the document by May 9th, if you intend to do so.


Clarification: 

***************
*** 308,314 ****
    Trailer is very similar to how it is done in case of [RFC2328].  The
    only difference between the OSPFv2 authentication trailer and the
    OSPFv3 authentication trailer is that information in addition to the
!    message digest is included.

    Consistent with OSPFv2 cryptographic authentication [RFC2328], both
    OSPFv3 header checksum calculation and verification are omitted when
--- 308,317 ----
    Trailer is very similar to how it is done in case of [RFC2328].  The
    only difference between the OSPFv2 authentication trailer and the
    OSPFv3 authentication trailer is that information in addition to the
!    message digest is included.  The additional information in the OSPFv3
!    Authentication Trailer is included in the message digest computation
!    and, therefore, protected by OSPFv3 cryptographic authentication as
!    described herein.

    Consistent with OSPFv2 cryptographic authentication [RFC2328], both
    OSPFv3 header checksum calculation and verification are omitted when
***************
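
Review bot: The sentence added at new lines 311-314 says "the additional information" is covered by the digest but never says which trailer fields that is, and "as described herein" does not point anywhere. Since this is the statement an implementer or security reviewer will rely on for what is integrity-protected, consider enumerating the fields (or stating that every trailer field other than the message digest itself is covered) and replacing "described herein" with a reference to the section that contains the First Hash step.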


Correction: 

***************
*** 623,631 ****

    2.  First Hash

!        First, the OSPFv3 packet's Authentication Trailer (which is very
!        similar to the appendage described in RFC 2328, Section D.4.3,
!        Page 233, items(6)(a) and (6)(d)) is filled with the value Apad.

        Then, a First-Hash, also known as the inner hash, is computed as
        follows:
--- 623,632 ----

    2.  First Hash

!        First, the OSPFv3 packet's Authentication Data field in the
!        Authentication Trailer (which is very similar to the appendage
!        described in RFC 2328, Section D.4.3, Page 233, items(6)(a) and
!        (6)(d)) is filled with the value Apad.

        Then, a First-Hash, also known as the inner hash, is computed as
        follows:
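
Review bot: In the rewritten first sentence of step 2 (new lines 626-629), the parenthetical "(which is very similar to the appendage described in RFC 2328 ...)" now follows "Authentication Trailer" and separates the subject "Authentication Data field" from "is filled with the value Apad", so it is easy to misread the trailer as the thing being filled, which is the error this correction is meant to remove. Suggest stating the operation first, for example "the Authentication Data field in the OSPFv3 packet's Authentication Trailer is filled with the value Apad", and moving the RFC 2328 comparison into its own sentence. A space is also missing in "items(6)(a)".
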
***************
*** 635,643 ****
        Implementation Notes:

           Note that the First-Hash above includes the Authentication
!           Trailer containing the Apad value, as well as the OSPFv3
!           packet, as per RFC 2328, Section D.4.3 and, if present, the
!           LLS block[RFC5613].

        The definition of Apad (above) ensures it is always the same
        length as the hash output.  This is consistent with RFC 2328.
--- 636,643 ----
        Implementation Notes:

           Note that the First-Hash above includes the Authentication
!           Trailer, as well as the OSPFv3 packet, as per RFC 2328,
!           Section D.4.3 and, if present, the LLS block[RFC5613].

        The definition of Apad (above) ensures it is always the same
        length as the hash output.  This is consistent with RFC 2328.
***************
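
Review bot: With "containing the Apad value" dropped from the Implementation Note (new lines 639-641), the note no longer says what the Authentication Data field holds while the First-Hash is computed; a reader of the note alone could hash the trailer with some other field content. Consider keeping the precision of the corrected step 2 text, for example "the Authentication Trailer, with its Authentication Data field set to Apad". The phrase "as per RFC 2328, Section D.4.3 and, if present, the LLS block[RFC5613]" also reads as if the LLS block were part of the RFC 2328 citation; listing the hashed inputs first and citing afterwards, and adding a space before "[RFC5613]", would remove that ambiguity.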

Thanks,
Acee