Re: [OSPF] [Technical Errata Reported] RFC4552 (2599)

Mukesh Gupta <mukesh@juniper.net> Wed, 03 November 2010 16:12 UTC

From: Mukesh Gupta <mukesh@juniper.net>
To: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>, Acee Lindem <acee.lindem@ericsson.com>, Vishwas Manral <vishwas.ietf@gmail.com>
Date: Wed, 03 Nov 2010 09:09:24 -0700

Manav is right.  That was mainly the reason behind making ESP a MUST and AH a SHOULD.

Excerpt from section 3.2 of RFC 4301:

   IPsec implementations MUST support ESP and MAY
   support AH. (Support for AH has been downgraded to MAY because
   experience has shown that there are very few contexts in which ESP
   cannot provide the requisite security services.  Note that ESP can be
   used to provide only integrity, without confidentiality, making it
   comparable to AH in most contexts.)

- Mukesh

-----Original Message-----
From: ospf-bounces@ietf.org [mailto:ospf-bounces@ietf.org] On Behalf Of Bhatia, Manav (Manav)
Sent: Wednesday, November 03, 2010 9:05 AM
To: Acee Lindem; Vishwas Manral
Cc: acee@redback.com; ospf@ietf.org; adrian.farrel@huawei.com; mukesh.gupta@tropos.com; Suresh Melam; RFC Errata System
Subject: Re: [OSPF] [Technical Errata Reported] RFC4552 (2599)

Hi Acee,

That's because 4301 requires all IPsec implementations to MUST support ESP and MAY support AH.

Cheers, Manav

> -----Original Message-----
> From: ospf-bounces@ietf.org [mailto:ospf-bounces@ietf.org] On 
> Behalf Of Acee Lindem
> Sent: Wednesday, November 03, 2010 9.20 PM
> To: Vishwas Manral
> Cc: acee@redback.com; ospf@ietf.org; 
> adrian.farrel@huawei.com; mukesh.gupta@tropos.com; 
> nmelam@juniper.net; RFC Errata System
> Subject: Re: [OSPF] [Technical Errata Reported] RFC4552 (2599)
> 
> Hi Vishwas,
> Do you recall the reason for making ESP mandatory and AH 
> optional for OSPFv3 IPsec? 
> Thanks,
> Acee
> On Nov 2, 2010, at 8:05 PM, Vishwas Manral wrote:
> 
> > Hi,
> > 
> > This errata is wrong. ESP provides authentication as well as
> > confidentiality, have a look at RFC 4301.
> > 
> > Thanks,
> > Vishwas
> > 
> > On Tue, Nov 2, 2010 at 8:53 AM, RFC Errata System
> > <rfc-editor@rfc-editor.org> wrote:
> >> 
> >> The following errata report has been submitted for RFC4552,
> >> "Authentication/Confidentiality for OSPFv3".
> >> 
> >> --------------------------------------
> >> You may review the report below and at:
> >> http://www.rfc-editor.org/errata_search.php?rfc=4552&eid=2599
> >> 
> >> --------------------------------------
> >> Type: Technical
> >> Reported by: John W. O'Brien <john.w.obrien@lmco.com>
> >> 
> >> Section: 3
> >> 
> >> Original Text
> >> -------------
> >> In order to provide authentication to OSPFv3, implementations MUST support ESP and MAY support AH.
> >> 
> >> 
> >> Corrected Text
> >> --------------
> >> In order to provide authentication to OSPFv3, implementations MUST support AH and MAY support ESP.
> >> 
> >> Notes
> >> -----
> >> Authentication can be provided by an implementation that supports AH only.
> >> 
> >> Instructions:
> >> -------------
> >> This errata is currently posted as "Reported". If necessary, please
> >> use "Reply All" to discuss whether it should be verified or
> >> rejected. When a decision is reached, the verifying party (IESG)
> >> can log in to change the status and edit the report, if necessary.
> >> 
> >> --------------------------------------
> >> RFC4552 (draft-ietf-ospf-ospfv3-auth-08)
> >> --------------------------------------
> >> Title               : Authentication/Confidentiality for OSPFv3
> >> Publication Date    : June 2006
> >> Author(s)           : M. Gupta, N. Melam
> >> Category            : PROPOSED STANDARD
> >> Source              : Open Shortest Path First IGP
> >> Area                : Routing
> >> Stream              : IETF
> >> Verifying Party     : IESG
> >> _______________________________________________
> >> OSPF mailing list
> >> OSPF@ietf.org
> >> https://www.ietf.org/mailman/listinfo/ospf
> >> 