Re: [OSPF] OSPFv3 Authentication Trailer (AT) Draft WG Last Call

Alan Davey <Alan.Davey@metaswitch.com> Mon, 09 May 2011 09:51 UTC

Return-Path: <Alan.Davey@metaswitch.com>
X-Original-To: ospf@ietfa.amsl.com
Delivered-To: ospf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8B22E06C0 for <ospf@ietfa.amsl.com>; Mon, 9 May 2011 02:51:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4-zIN2ng1dhJ for <ospf@ietfa.amsl.com>; Mon, 9 May 2011 02:51:40 -0700 (PDT)
Received: from enfiets2.dataconnection.com (enfiets2.dataconnection.com [192.91.191.39]) by ietfa.amsl.com (Postfix) with ESMTP id 9BD8BE0651 for <ospf@ietf.org>; Mon, 9 May 2011 02:51:40 -0700 (PDT)
Received: from ENFIMBOX2.ad.datcon.co.uk (172.18.74.17) by enfiets2.dataconnection.com (172.18.4.22) with Microsoft SMTP Server (TLS) id 8.3.137.0; Mon, 9 May 2011 10:52:35 +0100
Received: from ENFIMBOX1.ad.datcon.co.uk ([172.18.10.27]) by ENFIMBOX2.ad.datcon.co.uk ([172.18.74.17]) with mapi; Mon, 9 May 2011 10:51:39 +0100
From: Alan Davey <Alan.Davey@metaswitch.com>
To: OSPF List <ospf@ietf.org>
Date: Mon, 9 May 2011 10:51:37 +0100
Thread-Topic: [OSPF] OSPFv3 Authentication Trailer (AT) Draft WG Last Call
Thread-Index: AcwLINm8SJe/TIj+S6mOP4lxGV/4CwDDBq7A
Message-ID: <11DE3EEC54A8A44EAD99D8C0D3FD7207AA16D4F20A@ENFIMBOX1.ad.datcon.co.uk>
References: <40FF7945-5254-4F70-86EB-A617FBA866E6@lindem.com>
In-Reply-To: <40FF7945-5254-4F70-86EB-A617FBA866E6@lindem.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: Vishwas Manral <vishwas@ipinfusion.com>
Subject: Re: [OSPF] OSPFv3 Authentication Trailer (AT) Draft WG Last Call
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ospf>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 May 2011 09:51:41 -0000

Folks

One minor point on the draft; it is not clear to me if the Auth Data Len field is the inclusive length of the entire authentication trailer, or just the length of the Authentication Data.

I think that the inclusive length of the authentication trailer is preferable.  

Either way, the text in section 4.1 could be made specific by changing "message digest" to "authentication trailer" or "Authentication Data".

Regards
Alan Davey

Network Technologies Division
Metaswitch Networks
alan.davey@metaswitch.com
+44 (0) 20 8366 1177
www.metaswitch.com




-----Original Message-----
From: ospf-bounces@ietf.org [mailto:ospf-bounces@ietf.org] On Behalf Of Acee Lindem
Sent: 05 May 2011 13:35
To: OSPF List
Cc: Vishwas Manral
Subject: [OSPF] OSPFv3 Authentication Trailer (AT) Draft WG Last Call

All, 

We will make these editorial changes as part of the WG last call ending on May 9. We will not issue an 05 version of the draft until the WG last period has ended. Please review the document by May 9th, if you intend to do so. 


Clarification: 

***************
*** 308,314 ****
    Trailer is very similar to how it is done in case of [RFC2328].  The
    only difference between the OSPFv2 authentication trailer and the
    OSPFv3 authentication trailer is that information in addition to the
!    message digest is included.

    Consistent with OSPFv2 cryptographic authentication [RFC2328], both
    OSPFv3 header checksum calculation and verification are omitted when
--- 308,317 ----
    Trailer is very similar to how it is done in case of [RFC2328].  The
    only difference between the OSPFv2 authentication trailer and the
    OSPFv3 authentication trailer is that information in addition to the
!    message digest is included.  The additional information in the OSPFv3
!    Authentication Trailer is included in the message digest computation
!    and, therefore, protected by OSPFv3 cryptographic authentication as
!    described herein.

    Consistent with OSPFv2 cryptographic authentication [RFC2328], both
    OSPFv3 header checksum calculation and verification are omitted when
***************


Correction: 

***************
*** 623,631 ****

    2.  First Hash

!        First, the OSPFv3 packet's Authentication Trailer (which is very
!        similar to the appendage described in RFC 2328, Section D.4.3,
!        Page 233, items(6)(a) and (6)(d)) is filled with the value Apad.

        Then, a First-Hash, also known as the inner hash, is computed as
        follows:
--- 623,632 ----

    2.  First Hash

!        First, the OSPFv3 packet's Authentication Data field in the
!        Authentication Trailer (which is very similar to the appendage
!        described in RFC 2328, Section D.4.3, Page 233, items(6)(a) and
!        (6)(d)) is filled with the value Apad.

        Then, a First-Hash, also known as the inner hash, is computed as
        follows:
***************
*** 635,643 ****
        Implementation Notes:

           Note that the First-Hash above includes the Authentication
!           Trailer containing the Apad value, as well as the OSPFv3
!           packet, as per RFC 2328, Section D.4.3 and, if present, the
!           LLS block[RFC5613].

        The definition of Apad (above) ensures it is always the same
        length as the hash output.  This is consistent with RFC 2328.
--- 636,643 ----
        Implementation Notes:

           Note that the First-Hash above includes the Authentication
!           Trailer, as well as the OSPFv3 packet, as per RFC 2328,
!           Section D.4.3 and, if present, the LLS block[RFC5613].

        The definition of Apad (above) ensures it is always the same
        length as the hash output.  This is consistent with RFC 2328.
***************

Thanks,
Acee
_______________________________________________
OSPF mailing list
OSPF@ietf.org
https://www.ietf.org/mailman/listinfo/ospf