IETF Logo Mail Archive

Re: [OSPF] [Technical Errata Reported] RFC4552 (2599)

"Obrien, John W" <john.w.obrien@lmco.com> Wed, 03 November 2010 16:29 UTC

Return-Path: <john.w.obrien@lmco.com>
X-Original-To: ospf@core3.amsl.com
Delivered-To: ospf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 16A2828C112 for <ospf@core3.amsl.com>; Wed, 3 Nov 2010 09:29:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.623
X-Spam-Level:
X-Spam-Status: No, score=-9.623 tagged_above=-999 required=5 tests=[AWL=0.976, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9CSSHqc9pMqW for <ospf@core3.amsl.com>; Wed, 3 Nov 2010 09:29:44 -0700 (PDT)
Received: from mailfo02.lmco.com (mailfo02.lmco.com [192.35.35.12]) by core3.amsl.com (Postfix) with ESMTP id E3E053A6AD2 for <ospf@ietf.org>; Wed, 3 Nov 2010 09:29:43 -0700 (PDT)
Received: from mailgw3a.lmco.com (mailgw3a.lmco.com [192.35.35.7]) by mailfo02.lmco.com (8.14.3/8.14.3) with ESMTP id oA3GToQd000801 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <ospf@ietf.org>; Wed, 3 Nov 2010 16:29:50 GMT
Received: from emss09g01.ems.lmco.com (relay6.ems.lmco.com [166.17.13.59])by mailgw3a.lmco.com (LM-6) with ESMTP id oA3GTocj007742for <ospf@ietf.org>; Wed, 3 Nov 2010 12:29:50 -0400 (EDT)
Received: from CONVERSION2-DAEMON.lmco.com by lmco.com (PMDF V6.4 #31806) id <0LBB00F01HTQO3@lmco.com> for ospf@ietf.org; Wed, 03 Nov 2010 16:29:50 +0000 (GMT)
Received: from hvxhtpn4.us.lmco.com ([158.186.148.33]) by lmco.com (PMDF V6.4 #31806) with ESMTP id <0LBB0061KHTL7F@lmco.com> for ospf@ietf.org; Wed, 03 Nov 2010 16:29:45 +0000 (GMT)
Received: from HVXMSP5.us.lmco.com ([158.186.148.28]) by hvxhtpn4.us.lmco.com ([158.186.148.33]) with mapi; Wed, 03 Nov 2010 12:29:45 -0400
Date: Wed, 03 Nov 2010 12:29:44 -0400
From: "Obrien, John W" <john.w.obrien@lmco.com>
In-reply-to: <AANLkTi=2S_sngGZK3sQzdhCD9hOPnD5xkd989QkaAP6w@mail.gmail.com>
To: "ospf@ietf.org" <ospf@ietf.org>
Message-id: <7AA4282413159948AD514B064BE1478D1840AE6F81@HVXMSP5.us.lmco.com>
MIME-version: 1.0
Content-type: text/plain; charset="iso-8859-1"
Content-language: en-US
Content-transfer-encoding: 7bit
Thread-Topic: [OSPF] [Technical Errata Reported] RFC4552 (2599)
Thread-Index: Act66ts2ngSySVX+T9GNd9wfBP4QTQAiTH7g
Accept-Language: en-US
acceptlanguage: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
References: <20101102155316.C350CE06B7@rfc-editor.org> <AANLkTi=2S_sngGZK3sQzdhCD9hOPnD5xkd989QkaAP6w@mail.gmail.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.2.15, 1.0.148, 0.0.0000 definitions=2010-11-03_07:2010-11-03, 2010-11-03, 1970-01-01 signatures=0
Subject: Re: [OSPF] [Technical Errata Reported] RFC4552 (2599)
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ospf>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Nov 2010 16:29:45 -0000

[My original reply was rejected by the list. Resent for posterity now that I've subscribed.]

Vishwas,

Thanks for your prompt response.

I do not dispute that ESP provides authentication as well, but I don't believe that fact invalidates this errata. My stated rationale still holds, does it not? If an implementation desires to provide authentication without also providing confidentiality (as is permitted by 4552), AH alone can perform that function. Furthermore, AH authenticates more of the packet than does ESP. What is the rationale, therefore, for attaching the stronger "MUST" to ESP and the weaker "MAY" to AH in Section 3, Authentication?

The errata may be invalid because the authors' intention is to mandate ESP support in all cases, regardless of the line of thought above, which I accept. That would mean that my comment against the specification should be submitted and discussed in a different forum.

Regards,
John

-----Original Message-----
From: Vishwas Manral [mailto:vishwas.ietf@gmail.com]
Sent: Tuesday, November 02, 2010 8:05 PM
To: RFC Errata System
Cc: mukesh.gupta@tropos.com; nmelam@juniper.net; stbryant@cisco.com; adrian.farrel@huawei.com; acee@redback.com; akr@cisco.com; ospf@ietf.org; Obrien, John W
Subject: EXTERNAL: Re: [OSPF] [Technical Errata Reported] RFC4552 (2599)

Hi,

This errata is wrong. ESP provides authentication as well as
confidentiality, have a look at RFC 4301.

Thanks,
Vishwas

On Tue, Nov 2, 2010 at 8:53 AM, RFC Errata System
<rfc-editor@rfc-editor.org> wrote:
>
> The following errata report has been submitted for RFC4552,
> "Authentication/Confidentiality for OSPFv3".
>
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata_search.php?rfc=4552&eid=2599
>
> --------------------------------------
> Type: Technical
> Reported by: John W. O'Brien <john.w.obrien@lmco.com>
>
> Section: 3
>
> Original Text
> -------------
> In order to provide authentication to OSPFv3, implementations MUST support ESP and MAY support AH.
>
>
> Corrected Text
> --------------
> In order to provide authentication to OSPFv3, implementations MUST support AH and MAY support ESP.
>
> Notes
> -----
> Authentication can be provided by an implementation that supports AH only.
>
> Instructions:
> -------------
> This errata is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party (IESG)
> can log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC4552 (draft-ietf-ospf-ospfv3-auth-08)
> --------------------------------------
> Title               : Authentication/Confidentiality for OSPFv3
> Publication Date    : June 2006
> Author(s)           : M. Gupta, N. Melam
> Category            : PROPOSED STANDARD
> Source              : Open Shortest Path First IGP
> Area                : Routing
> Stream              : IETF
> Verifying Party     : IESG
> _______________________________________________
> OSPF mailing list
> OSPF@ietf.org
> https://www.ietf.org/mailman/listinfo/ospf
>

v2.23.0 | Report a Bug | By Email