RE: [OSPF] Revised OSPF HMAC SHA Authentication Draft
sujay <sujayg@huawei.com> Wed, 23 August 2006 10:48 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GFqI4-0001Ni-06; Wed, 23 Aug 2006 06:48:56 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GFqI3-0001NR-D7 for ospf@ietf.org; Wed, 23 Aug 2006 06:48:55 -0400
Received: from szxga01-in.huawei.com ([61.144.161.53]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GFqHy-00048p-QE for ospf@ietf.org; Wed, 23 Aug 2006 06:48:55 -0400
Received: from huawei.com (szxga01-in [172.24.2.3]) by szxga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0J4G0084C5WRNL@szxga01-in.huawei.com> for ospf@ietf.org; Wed, 23 Aug 2006 18:46:03 +0800 (CST)
Received: from huawei.com ([172.24.1.18]) by szxga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0J4G008KS5WQUZ@szxga01-in.huawei.com> for ospf@ietf.org; Wed, 23 Aug 2006 18:46:03 +0800 (CST)
Received: from dell60 ([10.18.7.146]) by szxml03-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTPA id <0J4G001735Y23A@szxml03-in.huawei.com> for ospf@ietf.org; Wed, 23 Aug 2006 18:46:51 +0800 (CST)
Date: Wed, 23 Aug 2006 16:12:48 +0530
From: sujay <sujayg@huawei.com>
Subject: RE: [OSPF] Revised OSPF HMAC SHA Authentication Draft
In-reply-to: <20060823092345.50390.qmail@web25408.mail.ukl.yahoo.com>
To: 'Manav Bhatia' <manav_bhatia06@yahoo.co.uk>
Message-id: <004301c6c6a0$e3791c70$9207120a@china.huawei.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1807
X-Mailer: Microsoft Office Outlook 11
Content-type: text/plain; charset="gb2312"
Content-transfer-encoding: quoted-printable
Thread-index: AcbGldo11CpVlgC+RS2UfDPt5l0KPwACiNxg
X-Spam-Score: 0.0 (/)
X-Scan-Signature: cf3becbbd6d1a45acbe2ffd4ab88bdc2
Cc: ospf@ietf.org, vishwas.manral@gmail.com
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/ospf>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
Errors-To: ospf-bounces@ietf.org
Hi Manav, Agree, mandatory set of algo is a must. Which one falls in this set is unsure. Assuming the requirement of backward compatibility would still hold good. I believe the network operators on this list will best mandate the minimal algo required. Regds, Sujay G My Location; http://maps.google.com/maps?ll=14.626109,76.959229&spn=4.724852,7.525085&t=h &hl=en This e-mail and attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient's) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! -----Original Message----- From: Manav Bhatia [mailto:manav_bhatia06@yahoo.co.uk] Sent: 2006年8月23日 14:54 To: sujayg@huawei.com Cc: ospf@ietf.org; vishwas.manral@gmail.com Subject: RE: [OSPF] Revised OSPF HMAC SHA Authentication Draft Sujay, OSPF can make use of various cryptographic algorithms in order to authenticate its packets. Your concern is wrt interoperability between disparate implementations where a particular implementation may not implement some certain mandatory-to-implement algorithms. To ensure this doesn’t happen, it is necessary to specify a set of mandatory-to-implement algorithms so that there is at least one algorithm that all implementations will have available. We cannot assume this mandatory-to-implement algorithm to be MD5, as this has been broken. MD5CRK, was a distributed computing project to break the MD5 hash algorithm in a short period of time. The project closed down with the publication of their paper by Wang, X. et al., "Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD", August 2004, http://eprint.iacr.org/2004/199 draft-bhatia-manral-crypto-req-ospf-00.txt defines the current set of mandatory-to-implement algorithms that can be used for the cryptographic authentication for OSPF as well as specifies the algorithms that should/must be implemented because they may get promoted to mandatory at some future time. http://tools.ietf.org/wg/ospf/draft-bhatia-manral-crypto-req-ospf-00.txt Cheers, Manav ________________________________ From: sujay [mailto:sujayg@huawei.com] Sent: Wednesday, August 23, 2006 2:36 PM To: 'Manav Bhatia' Cc: 'Mailing List'; ospf@ietf.org Subject: RE: [OSPF] Revised OSPF HMAC SHA Authentication Draft Yes, If an authentication fails it could mean the algo's used are different. And if one implementation supports MD5 alone( "which I believe is commonly used !" ), the others support otherwise, It could be a problem, there is no explicit way we are converying which algo is being used. The Au Type = 2 is overloaded. Now a "MUST" clause is for the WG to decide. Regds, Sujay G My Location; http://maps.google.com/maps?ll=14.626109,76.959229&spn=4.724852,7.525085&t=h &hl=en -- Lucent Technologies _______________________________________________ OSPF mailing list OSPF@ietf.org https://www1.ietf.org/mailman/listinfo/ospf
- [OSPF] Revised OSPF HMAC SHA Authentication Draft Vishwas Manral
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Erblichs
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Manav Bhatia
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Erblichs
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Manav Bhatia
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Phil Cowburn
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Acee Lindem
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Phil Cowburn
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… tom.petch
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Tom Sanders
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Manav Bhatia
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Tom Sanders
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Michael J Barnes
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Acee Lindem
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Russ White
- RE: [OSPF] Revised OSPF HMAC SHA Authentication D… sujay
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Manav Bhatia
- RE: [OSPF] Revised OSPF HMAC SHA Authentication D… Manav Bhatia
- RE: [OSPF] Revised OSPF HMAC SHA Authentication D… sujay
- RE: [OSPF] Revised OSPF HMAC SHA Authentication D… sujay
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Dave Katz
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Paul Jakma
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Vishwas Manral
- RE: [OSPF] Revised OSPF HMAC SHA Authentication D… sujay
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Vishwas Manral
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Erblichs
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Vishwas Manral
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Tom Sanders
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Tom Sanders
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Acee Lindem