Re: [OSPF] [karp] Securing the source IP in OSPF
Glen Kent <glen.kent@gmail.com> Wed, 30 March 2011 19:47 UTC
Return-Path: <glen.kent@gmail.com>
X-Original-To: ospf@core3.amsl.com
Delivered-To: ospf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 829893A6A7F; Wed, 30 Mar 2011 12:47:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dCGPgQkLGB2V; Wed, 30 Mar 2011 12:47:57 -0700 (PDT)
Received: from mail-ww0-f44.google.com (mail-ww0-f44.google.com [74.125.82.44]) by core3.amsl.com (Postfix) with ESMTP id DCBDF3A68E0; Wed, 30 Mar 2011 12:47:55 -0700 (PDT)
Received: by wwa36 with SMTP id 36so1372450wwa.13 for <multiple recipients>; Wed, 30 Mar 2011 12:49:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=sPrZT6nfkHukC1n5qIk3hRNWtiOfqhBCC6iAIgH2uoY=; b=S9O3wXEGKcbeq2Dzc+eNLBUEso0LugubIXsauP90e0FEZnk0v0XJiwIOfhVgUI1PQ6 5nvCMg5dMaBygqnxUBDD4OBMZz4VfU4iYdPvo3yysMEG8hoa3fulSXfZFdEecgEM9Vn5 cY0yUu1W4bRNFmOZHCKlQsES54U8FMDAqOwPs=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=sBxLZGJvvuFI2WGslYAIW+8E1fjmUryVAuoOnNlG+FGJ+NW+5mXMOO9phQrEa5ltPR myN15xWDG5kdhWu8M2QpJ1Vics5ujCk9kA/3g2H1pFgV6XSPcs7G35hlrynIReh6cShe VPNQiYzMrMpWlSaI8P5AO8YIhRaoYfEW82b9k=
MIME-Version: 1.0
Received: by 10.227.179.140 with SMTP id bq12mr1800675wbb.152.1301514573967; Wed, 30 Mar 2011 12:49:33 -0700 (PDT)
Received: by 10.227.21.166 with HTTP; Wed, 30 Mar 2011 12:49:33 -0700 (PDT)
In-Reply-To: <7C362EEF9C7896468B36C9B79200D8350CFCF66B2B@INBANSXCHMBSA1.in.alcatel-lucent.com>
References: <Acvu7tgQXxp0oLMAR5uSduO0/re6CQ==> <7C362EEF9C7896468B36C9B79200D8350CFCF66B2B@INBANSXCHMBSA1.in.alcatel-lucent.com>
Date: Thu, 31 Mar 2011 01:19:33 +0530
Message-ID: <AANLkTikDjrhFzF5qRdMKgg2rTK-cT0FNv1L3Vkj9fGWD@mail.gmail.com>
From: Glen Kent <glen.kent@gmail.com>
To: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: "ospf@ietf.org" <ospf@ietf.org>, "karp@ietf.org" <karp@ietf.org>
Subject: Re: [OSPF] [karp] Securing the source IP in OSPF
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ospf>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Mar 2011 19:47:58 -0000
Assuming that you will create a new Auth type i think this must be done unless the Apad has that fixed value because of some particular reason. I suspect that its just a random value that one usually finds in the security literature. It could have as well been 0xdeadbeef or 0xdeadbabe. Glen On Wed, Mar 30, 2011 at 8:56 PM, Bhatia, Manav (Manav) <manav.bhatia@alcatel-lucent.com> wrote: > > Hi, > > Because of paucity of time I did not discuss the IP header protection for OSPF Security. > > I would request people to go through section 6 - "Mechanism to secure the IP header" of http://tools.ietf.org/html/draft-bhatia-karp-ospf-ip-layer-protection-03 and let us know if they have any concerns with that section. > > Cheers, Manav > > -- > Manav Bhatia, > IP Division, Alcatel-Lucent, > Bangalore - India > > > _______________________________________________ > karp mailing list > karp@ietf.org > https://www.ietf.org/mailman/listinfo/karp >
- [OSPF] Securing the source IP in OSPF Bhatia, Manav (Manav)
- Re: [OSPF] [karp] Securing the source IP in OSPF Glen Kent