Re: [OSPF] OSPFv3 Authentication Trailer (AT) Draft WG Last Call
Alan Davey <Alan.Davey@metaswitch.com> Mon, 09 May 2011 09:51 UTC
Return-Path: <Alan.Davey@metaswitch.com>
X-Original-To: ospf@ietfa.amsl.com
Delivered-To: ospf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8B22E06C0 for <ospf@ietfa.amsl.com>; Mon, 9 May 2011 02:51:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4-zIN2ng1dhJ for <ospf@ietfa.amsl.com>; Mon, 9 May 2011 02:51:40 -0700 (PDT)
Received: from enfiets2.dataconnection.com (enfiets2.dataconnection.com [192.91.191.39]) by ietfa.amsl.com (Postfix) with ESMTP id 9BD8BE0651 for <ospf@ietf.org>; Mon, 9 May 2011 02:51:40 -0700 (PDT)
Received: from ENFIMBOX2.ad.datcon.co.uk (172.18.74.17) by enfiets2.dataconnection.com (172.18.4.22) with Microsoft SMTP Server (TLS) id 8.3.137.0; Mon, 9 May 2011 10:52:35 +0100
Received: from ENFIMBOX1.ad.datcon.co.uk ([172.18.10.27]) by ENFIMBOX2.ad.datcon.co.uk ([172.18.74.17]) with mapi; Mon, 9 May 2011 10:51:39 +0100
From: Alan Davey <Alan.Davey@metaswitch.com>
To: OSPF List <ospf@ietf.org>
Date: Mon, 09 May 2011 10:51:37 +0100
Thread-Topic: [OSPF] OSPFv3 Authentication Trailer (AT) Draft WG Last Call
Thread-Index: AcwLINm8SJe/TIj+S6mOP4lxGV/4CwDDBq7A
Message-ID: <11DE3EEC54A8A44EAD99D8C0D3FD7207AA16D4F20A@ENFIMBOX1.ad.datcon.co.uk>
References: <40FF7945-5254-4F70-86EB-A617FBA866E6@lindem.com>
In-Reply-To: <40FF7945-5254-4F70-86EB-A617FBA866E6@lindem.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: Vishwas Manral <vishwas@ipinfusion.com>
Subject: Re: [OSPF] OSPFv3 Authentication Trailer (AT) Draft WG Last Call
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ospf>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 May 2011 09:51:41 -0000
Folks One minor point on the draft; it is not clear to me if the Auth Data Len field is the inclusive length of the entire authentication trailer, or just the length of the Authentication Data. I think that the inclusive length of the authentication trailer is preferable. Either way, the text in section 4.1 could be made specific by changing "message digest" to "authentication trailer" or "Authentication Data". Regards Alan Davey Network Technologies Division Metaswitch Networks alan.davey@metaswitch.com +44 (0) 20 8366 1177 www.metaswitch.com -----Original Message----- From: ospf-bounces@ietf.org [mailto:ospf-bounces@ietf.org] On Behalf Of Acee Lindem Sent: 05 May 2011 13:35 To: OSPF List Cc: Vishwas Manral Subject: [OSPF] OSPFv3 Authentication Trailer (AT) Draft WG Last Call All, We will make these editorial changes as part of the WG last call ending on May 9. We will not issue an 05 version of the draft until the WG last period has ended. Please review the document by May 9th, if you intend to do so. Clarification: *************** *** 308,314 **** Trailer is very similar to how it is done in case of [RFC2328]. The only difference between the OSPFv2 authentication trailer and the OSPFv3 authentication trailer is that information in addition to the ! message digest is included. Consistent with OSPFv2 cryptographic authentication [RFC2328], both OSPFv3 header checksum calculation and verification are omitted when --- 308,317 ---- Trailer is very similar to how it is done in case of [RFC2328]. The only difference between the OSPFv2 authentication trailer and the OSPFv3 authentication trailer is that information in addition to the ! message digest is included. The additional information in the OSPFv3 ! Authentication Trailer is included in the message digest computation ! and, therefore, protected by OSPFv3 cryptographic authentication as ! described herein. Consistent with OSPFv2 cryptographic authentication [RFC2328], both OSPFv3 header checksum calculation and verification are omitted when *************** Correction: *************** *** 623,631 **** 2. First Hash ! First, the OSPFv3 packet's Authentication Trailer (which is very ! similar to the appendage described in RFC 2328, Section D.4.3, ! Page 233, items(6)(a) and (6)(d)) is filled with the value Apad. Then, a First-Hash, also known as the inner hash, is computed as follows: --- 623,632 ---- 2. First Hash ! First, the OSPFv3 packet's Authentication Data field in the ! Authentication Trailer (which is very similar to the appendage ! described in RFC 2328, Section D.4.3, Page 233, items(6)(a) and ! (6)(d)) is filled with the value Apad. Then, a First-Hash, also known as the inner hash, is computed as follows: *************** *** 635,643 **** Implementation Notes: Note that the First-Hash above includes the Authentication ! Trailer containing the Apad value, as well as the OSPFv3 ! packet, as per RFC 2328, Section D.4.3 and, if present, the ! LLS block[RFC5613]. The definition of Apad (above) ensures it is always the same length as the hash output. This is consistent with RFC 2328. --- 636,643 ---- Implementation Notes: Note that the First-Hash above includes the Authentication ! Trailer, as well as the OSPFv3 packet, as per RFC 2328, ! Section D.4.3 and, if present, the LLS block[RFC5613]. The definition of Apad (above) ensures it is always the same length as the hash output. This is consistent with RFC 2328. *************** Thanks, Acee _______________________________________________ OSPF mailing list OSPF@ietf.org https://www.ietf.org/mailman/listinfo/ospf