Re: [OSPF] WG Last Call for Supporting Authentication Trailer for OSPFv3 - draft-ietf-ospf-auth-trai

"Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com> Tue, 12 April 2011 20:41 UTC

From: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
To: Vishwas Manral <vishwas.ietf@gmail.com>, Michael Barnes <michael_barnes@usa.net>
Date: Wed, 13 Apr 2011 02:11:28 +0530
Cc: "ospf@ietf.org" <ospf@ietf.org>
Subject: Re: [OSPF] WG Last Call for Supporting Authentication Trailer for OSPFv3 - draft-ietf-ospf-auth-trai

Hi Vishwas,

As I have explained earlier, AT is a complete solution and none of the current proposals in KARP (nonce ID, boot count, etc.) will be invalidating it. AT provides the basic infrastructure over which these others will get built. The two are thus not comparable.

Cheers, Manav

________________________________
From: Vishwas Manral [mailto:vishwas.ietf@gmail.com]
Sent: Tuesday, April 12, 2011 10.32 PM
To: Michael Barnes
Cc: Bhatia, Manav (Manav); curtis@occnc.com; Abhay Roy; ospf@ietf.org
Subject: Re: [OSPF] WG Last Call for Supporting Authentication Trailer for OSPFv3 - draft-ietf-ospf-auth-trai

Hi Manav/ Mike,

Though it is OK to have another draft invalidate this one after some time, it would be a challenge to get implementations to change as fast (if at all).

In my view if the current solution is deemed incomplete, we can correct the current solution.

Thanks,
Vishwas

On Mon, Apr 11, 2011 at 10:27 PM, Michael Barnes <michael_barnes@usa.net> wrote:
Hello Manav,

------ Original Message ------
Received: Mon, 11 Apr 2011 10:05:36 PM PDT
From: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
To: Michael Barnes <michael_barnes@usa.net>, "curtis@occnc.com" <curtis@occnc.com>, Abhay Roy <akr@cisco.com>
Cc: "ospf@ietf.org" <ospf@ietf.org>
Subject: RE: [OSPF] WG Last Call for Supporting Authentication Trailer for
OSPFv3 - draft-ietf-ospf-auth-trai

> Hi Michael,
>
> > > right direction and would not have to be revisited quite as soon if
> > > something more robust were proposed.
> > >
> > > Bottom line.  Falls short of what I'd like to see but no objection.
> > >
> > > Curtis
> >
> > I agree with Curtis. I'd really like to see the first version of this
> > spec at least have the extended sequence number as is being discussed
> > for v2.
>
> I disagree that AT should have a 64 bit sequence space in the base
> specification primarily because we are not yet sure if the KARP boot count
> approach is what the WG will finally converge on (in which case we would need
> an extended sequence space). Also note that the AT provides an "Auth Type"
> field which can be assigned a new value (similar to how it will be done for
> OSPFv2) once we decide to move to a different scheme. The same standard that
> extends the OSPFv2 sequence space can also do it for OSPFv3 AT block - really
> hardly an overhead.
>
> Also note that you could consider this proposal as just bringing OSPFv3 at
> par with OSPFv2. Once this is done, any proposal that extends OSPFv2 will
> natively work for OSPFv3 as well.

So you are saying that this flaw is okay with you? I'd rather hold off on
pushing this forward until this flaw is fixed. And I think waiting to see what
happens in KARP might be a good idea.

Regards,
Michael

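
The sequence-space question argued in this thread, as an added example that is not part of any message or of the draft: a receiver-side replay check run once with a plain 32-bit counter and once with a 64-bit value whose upper half is a boot count, the KARP approach mentioned above. All names and values are constructed; the bit layout and the receiver dropping its state when the adjacency goes down are assumptions.

```python
# Added illustration; names, layout and values are constructed, not from the draft.

class Neighbor:
    """Receiver-side check: accept only strictly increasing sequence numbers."""
    def __init__(self):
        self.last_seq = None              # None means no state for this neighbor

    def accept(self, seq):
        if self.last_seq is not None and seq <= self.last_seq:
            return False                  # old or repeated number: drop
        self.last_seq = seq
        return True

    def adjacency_lost(self):
        # Assumption: sequence state is discarded when the adjacency goes down.
        self.last_seq = None


def seq32(counter):
    """32-bit sequence number that restarts from a low value after a cold boot."""
    return counter & 0xFFFFFFFF


def seq64(boot_count, counter):
    """Assumed layout: boot count (non-volatile) in the high 32 bits."""
    return ((boot_count & 0xFFFFFFFF) << 32) | (counter & 0xFFFFFFFF)


def restart_scenario(before, after):
    """Sender reaches counter 5000, cold-restarts and resumes at counter 1.

    Returns (fresh_ok, stale_ok): whether the first post-restart packet is
    accepted at once, and whether the pre-restart packet is accepted again
    once the receiver has rebuilt its state. The key is assumed unchanged,
    so the stale packet's digest would still verify.
    """
    rx = Neighbor()
    old = before(5000)
    rx.accept(old)                        # receiver saw the pre-restart packet
    fresh_ok = rx.accept(after(1))        # sender restarted, counter back at 1
    rx.adjacency_lost()                   # dead interval expires
    rx.accept(after(2))                   # new session comes up
    stale_ok = rx.accept(old)             # pre-restart packet arrives again
    return fresh_ok, stale_ok


if __name__ == "__main__":
    print("32-bit counter   :", restart_scenario(seq32, seq32))
    print("boot count + ctr :", restart_scenario(lambda c: seq64(1, c),
                                                 lambda c: seq64(2, c)))
```

With the 32-bit counter the restarted sender is rejected until the receiver's state expires, and the stale packet then passes the check; with the boot count in the upper half both outcomes are reversed.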