Re: [OSPF] Revised OSPF HMAC SHA Authentication Draft
"Tom Sanders" <toms.sanders@gmail.com> Mon, 21 August 2006 11:20 UTC
Message-ID: <6ed23a860608210420h19486857i748aa01cf65a91c9@mail.gmail.com>
Date: Mon, 21 Aug 2006 16:50:38 +0530
From: Tom Sanders <toms.sanders@gmail.com>
To: ospf@ietf.org
Subject: Re: [OSPF] Revised OSPF HMAC SHA Authentication Draft
In-Reply-To: <6e6ce9380608191759j6cee8034w44b0130d1d98d2e1@mail.gmail.com>
Folks,

Obviously the point that Erblichs is trying to make is that OSPF may be "technically" capable of supporting HMAC-SHA authentication in its current form, but OAM may be an issue and it may become harder to debug an auth mismatch. In the end the operator can always look at the router configurations in case OSPF doesn't come up and would know that the auth algos don't match. This can then be fixed.

Yeah .. Yeah .. I understand this!

What I miserably fail to understand is the reluctance in the WG to use a new authentication type. We have 16 bits reserved for this field and I don't see this being used up any time in the coming future. Explicitly indicating the auth algo details in the header makes, in my view, debugging extremely easy. I understand that we would be eating up type codes that we would have to fill in the OSPF header each time we come up with a new authentication algorithm, but given the size of this field I don't think it's a point of concern.

Is it possible to poll the WG on what they think is the right approach? Chairs, Authors?

The poll should be on whether we should proceed as-is in the draft or should we use a new type field for each new authentication scheme that we come out with?

On 20/08/06, Phil Cowburn <phil.cowburn@gmail.com> wrote:
> I strongly agree with Manav here and an implementation must be able to
> demultiplex using the Key ID in the incoming packet. It is after all
> for this very reason that we put the Key ID in the packet.
>
> Erblichs' point, as I read it, is that most implementations (if not
> all) currently take type 2 to mean MD5. This may break once this draft
> becomes a standard, which it would, in some time.
>
> My take on this is that even if the WG agrees to Erblichs' solution and
> introduces a new type, say 3 for HMAC-SHA-1 authentication, then
> somebody else could repeat the same argument and clamour for a new
> type when we're introducing newer authentication algorithms in the
> future.
>
> Let's move on from this issue.
>
> Phil

--
Toms.
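The debugging question raised in this message, as an added example that is not part of the original post or of the draft: a receiver that keeps AuType 2 for every algorithm has to pick the algorithm from its local key table by Key ID, and the only on-wire hint of a mismatch is the Auth Data Len field. The field layout follows RFC 2328; the key table, the algorithm names, `diagnose` and `build` are hypothetical, and the sample packets are constructed.

```python
import struct

# Digest sizes in bytes for the algorithms the hypothetical key table may name.
DIGEST_LEN = {"md5": 16, "hmac-sha1": 20, "hmac-sha256": 32}
HDR = struct.Struct("!BBH4s4sHH")   # RFC 2328 Appendix A.3.1: header up to AuType
AUTH = struct.Struct("!HBBI")       # RFC 2328 Appendix D.3: 0, Key ID, Auth Data Len, seq

def diagnose(packet, key_table):
    """Return (status, detail) for one received OSPFv2 packet.
    key_table is the assumed local configuration: {key_id: algorithm name}."""
    if len(packet) < HDR.size + AUTH.size:
        return "malformed", "shorter than the 24-byte OSPF header"
    _ver, _type, pkt_len, _rid, _area, _cksum, autype = HDR.unpack_from(packet)
    if autype != 2:
        return "not-crypto", f"AuType {autype} carries no Key ID"
    _zero, key_id, auth_len, _seq = AUTH.unpack_from(packet, HDR.size)
    alg = key_table.get(key_id)
    if alg is None:
        return "unknown-key", f"no local key with Key ID {key_id}"
    if auth_len != DIGEST_LEN[alg]:
        # Same Key ID, different digest size: the two ends disagree on the algorithm.
        return "algo-mismatch", (f"Key ID {key_id} is {alg} here "
                                 f"({DIGEST_LEN[alg]} bytes), sender appended {auth_len}")
    # The digest trails the packet and is not counted in the header's length field.
    if len(packet) - pkt_len < auth_len:
        return "malformed", "digest trailer is truncated"
    return "verify", f"check the digest with {alg}"

def build(key_id, auth_len):
    """Constructed sample: header-only packet plus a dummy all-zero trailer."""
    hdr = HDR.pack(2, 1, 24, bytes([10, 0, 0, 1]), bytes(4), 0, 2)
    return hdr + AUTH.pack(0, key_id, auth_len, 1) + bytes(auth_len)

if __name__ == "__main__":
    local_keys = {1: "md5", 2: "hmac-sha1"}
    for kid, n in [(1, 16), (1, 20), (2, 20), (9, 20)]:
        print(kid, n, diagnose(build(kid, n), local_keys))
```

Two algorithms with the same digest size would pass the length check and only fail at digest verification, which is the case where an explicit type code would tell the operator more than the Key ID does.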