Re: [OSPF] Gen-ART review of draft-ietf-ospf-hmac-sha-05

"Bhatia, Manav (Manav)" <manav@alcatel-lucent.com> Wed, 22 July 2009 15:33 UTC

From: "Bhatia, Manav (Manav)" <manav@alcatel-lucent.com>
To: "Black_David@emc.com" <Black_David@emc.com>, "gen-art@ietf.org" <gen-art@ietf.org>, "vishwas@ipinfusion.com" <vishwas@ipinfusion.com>, "mfanto@aegisdatasecurity.com" <mfanto@aegisdatasecurity.com>, "riw@cisco.com" <riw@cisco.com>, "tony.li@tony.li" <tony.li@tony.li>, "mjbarnes@cisco.com" <mjbarnes@cisco.com>, "rja@extremenetworks.com" <rja@extremenetworks.com>
Date: Wed, 22 Jul 2009 21:01:32 +0530
Cc: "ospf@ietf.org" <ospf@ietf.org>, "adrian.farrel@huawei.com" <adrian.farrel@huawei.com>
Subject: Re: [OSPF] Gen-ART review of draft-ietf-ospf-hmac-sha-05

Hi David,

Thanks for the review!
> I wonder whether the "SHOULD" requirement for implementation
> in Section 3 ought to include HMAC-SHA-224 and HMAC-SHA-384.
> I would have stated requirements for these two hashes as "MAY"
> in order to encourage use of either HMAC-SHA-256 or HMAC-SHA-512
> when HMAC-SHA-1 is insufficient, but this is a judgment call.
> To avoid confusion, this is a request that the authors think
> about this topic; it is *not* a comment that the requirement
> needs to be changed.  If the authors believe that the current
> "SHOULD" requirements for these two hashes are the right
> approach, that is acceptable to me.

Given that SHA-224 (and perhaps SHA-384) is not even present in all crypto libraries, we could, if others don't see a problem, move this from a SHOULD to a MAY.

> In Section 3.2, it would be useful for the draft to say that an
> OSPFv2 Security Association is not set up inband via OSPFv2, in
> contrast to an IPsec Security Association created via IKE.  Among

Yup, sounds reasonable. We could add this too.

> the reasons that this should be done is that the term "OSPFv2
> Security Association" is introduced in this draft - that term
> does not occur in RFC 2328, even though Section D.3 of RFC 2328
> defines an abstraction for which "OSPFv2 Security Association"
> is an appropriate name.  I recommend stating that this term is
> new to this draft.
> 
> The mention of IP Security in the next to last paragraph of
> the Security Considerations (section 4) should cite an
> informative reference, RFC 4301 would be appropriate.
> 

Yup, this can also be done.

Cheers, Manav