RE: [OSPF] Revised OSPF HMAC SHA Authentication Draft

sujay <sujayg@huawei.com> Wed, 23 August 2006 10:48 UTC

Date: Wed, 23 Aug 2006 16:12:48 +0530
From: sujay <sujayg@huawei.com>
Subject: RE: [OSPF] Revised OSPF HMAC SHA Authentication Draft
In-reply-to: <20060823092345.50390.qmail@web25408.mail.ukl.yahoo.com>
To: 'Manav Bhatia' <manav_bhatia06@yahoo.co.uk>
Cc: ospf@ietf.org, vishwas.manral@gmail.com

Hi Manav,
Agree, mandatory set of algo is a must.
Which one falls in this set is unsure.
Assuming the requirement of backward compatibility  would still hold good.
I believe the network operators on this list will best mandate the minimal
algo required.
Regds,
Sujay G
My Location;
http://maps.google.com/maps?ll=14.626109,76.959229&spn=4.724852,7.525085&t=h&hl=en


-----Original Message-----
From: Manav Bhatia [mailto:manav_bhatia06@yahoo.co.uk] 
Sent: 23 August 2006 14:54
To: sujayg@huawei.com
Cc: ospf@ietf.org; vishwas.manral@gmail.com
Subject: RE: [OSPF] Revised OSPF HMAC SHA Authentication Draft

Sujay,
 
OSPF can make use of various cryptographic algorithms in order to
authenticate its packets. Your concern is wrt interoperability between
disparate implementations where a particular implementation may not
implement some certain mandatory-to-implement algorithms. To ensure this
doesn’t happen, it is necessary to specify a set of mandatory-to-implement
algorithms so that there is at least one algorithm that all implementations
will have available. 
 
We cannot assume this mandatory-to-implement algorithm to be MD5, as this
has been broken. MD5CRK was a distributed computing project to break the
MD5 hash algorithm in a short period of time. The project closed down with
the publication of their paper by Wang, X. et al., "Collisions for Hash
Functions MD4, MD5, HAVAL-128 and RIPEMD", August 2004,
http://eprint.iacr.org/2004/199  

draft-bhatia-manral-crypto-req-ospf-00.txt defines the current set of
mandatory-to-implement algorithms that can be used for the cryptographic
authentication for OSPF as well as specifies the algorithms that should/must
be implemented because they may get promoted to mandatory at some future
time. 
 
http://tools.ietf.org/wg/ospf/draft-bhatia-manral-crypto-req-ospf-00.txt
 
Cheers,
Manav
________________________________
 From: sujay [mailto:sujayg@huawei.com]
 Sent: Wednesday, August 23, 2006 2:36 PM
 To: 'Manav Bhatia'
 Cc: 'Mailing List'; ospf@ietf.org
 Subject: RE: [OSPF] Revised OSPF HMAC SHA Authentication Draft
 
 
 Yes,
 If an authentication fails it could mean the algos used are different.
 And if one implementation supports MD5 alone ("which I believe is commonly
 used!"), the others support otherwise, it could be a problem; there is no
 explicit way we are conveying which algo is being used.
 The Au Type = 2 is overloaded.
 Now a "MUST" clause is for the WG to decide.
 Regds,
 Sujay G
 
--
Lucent Technologies
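
The interoperability problem raised in this thread, as an added example that is not part of the original messages: two routers share a Key ID and secret but disagree on the hash, and both packets still carry AuType 2. The header layout follows RFC 2328 Appendix D; the key tables, secret and router ID are constructed, and the digest input is simplified to HMAC over header and body rather than the exact construction in RFC 2328 or the draft.

```python
import hashlib
import hmac
import struct

HDR = "!BBHIIHHHBBI"   # 24-byte OSPFv2 header; last 8 bytes are the AuType 2 auth field
AUTYPE_CRYPTO = 2

# Constructed key tables (Key ID -> (hash name, secret)); all values are hypothetical.
SHA_ROUTER = {2: ("sha256", b"constructed-secret")}
MD5_ONLY_ROUTER = {2: ("md5", b"constructed-secret")}

def build_packet(key_id, keys, body=b"", seq=7):
    """Return header + body + trailing digest for a constructed Hello packet."""
    algo, secret = keys[key_id]
    dlen = hashlib.new(algo).digest_size
    # version 2, type 1 (Hello), packet length (digest NOT counted), router ID,
    # area 0, checksum 0, AuType, then: 0 / Key ID / Auth Data Len / sequence number.
    hdr = struct.pack(HDR, 2, 1, 24 + len(body), 0x0A000001, 0, 0,
                      AUTYPE_CRYPTO, 0, key_id, dlen, seq)
    data = hdr + body
    # Simplified digest input (assumption): HMAC over header and body.
    return data + hmac.new(secret, data, algo).digest()

def au_type(packet):
    """AuType field as seen on the wire; it is 2 whichever hash was used."""
    return struct.unpack(HDR, packet[:24])[6]

def verify(packet, keys):
    """Receiver side: the algorithm comes from local config, never from the packet."""
    fields = struct.unpack(HDR, packet[:24])
    length, autype, key_id, dlen = fields[2], fields[6], fields[8], fields[9]
    if autype != AUTYPE_CRYPTO:
        return "not-crypto"
    if key_id not in keys:
        return "unknown-key-id"
    algo, secret = keys[key_id]
    # Auth Data Len is the only in-band hint that the peers disagree on the hash.
    if hashlib.new(algo).digest_size != dlen:
        return "digest-length-mismatch"
    expected = hmac.new(secret, packet[:length], algo).digest()
    received = packet[length:length + dlen]
    return "ok" if hmac.compare_digest(expected, received) else "bad-digest"

if __name__ == "__main__":
    pkt = build_packet(2, SHA_ROUTER)
    print(au_type(pkt), verify(pkt, SHA_ROUTER), verify(pkt, MD5_ONLY_ROUTER))
```

A receiver that logs the mismatch reason separately from a bad digest lets an operator tell an algorithm disagreement apart from a wrong key or tampering.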
 
 
 

