draft-ietf-ospf-ospfv3-auth-07.txt : Questions

Erblichs <erblichs@EARTHLINK.NET> Fri, 11 February 2005 20:54 UTC

References: <OF9345CE25.7DE72955-ON87256FA5.004FB5B7-85256FA5.0050629B@us.ibm.com>
Message-ID: <420D1C62.E55BE9D2@earthlink.net>
Date: Fri, 11 Feb 2005 12:58:10 -0800
Reply-To: Mailing List <OSPF@PEACH.EASE.LSOFT.COM>
Sender: Mailing List <OSPF@PEACH.EASE.LSOFT.COM>
From: Erblichs <erblichs@EARTHLINK.NET>
Subject: draft-ietf-ospf-ospfv3-auth-07.txt : Questions
To: OSPF@PEACH.EASE.LSOFT.COM

Regarding
http://www.ietf.org/internet-drafts/draft-ietf-ospf-ospfv3-auth-07.txt,


1) First, if the title specifies OSPFv3, should this RFC be making
comparisons to OSPFv2?

2) There are two expiration dates specified on the first page:
August 2005 and June 2005, the later with the page 1 header.

3) Doesn't OSPFv3 specify Instance values in the headers so
multiple instances can be matched with Authentication? This is
a major diff between OSPFv2 and OSPFv3. Without the Instance
field, only Auth/Encrypt could be used to distinguish multiple
instances.

You hide part of this when dealing with multiple SAs per link
in section 8.

4) Isn't NULL authentication supported in v3? When we support NULL
Auth, is that a must support for Auth? "Section 3. Implementations
conforming to this specification MUST support Authentication for
OSPFv3." Does this prevent NULL auth? Is this right?

5) Why must v3 packets be silently discarded when authentication/
confidentiality is enabled? Why shouldn't there be calls into
OSPF so OSPF can log these dropped packets?

"4. Confidentiality * OSPFv3 packets that are not
   protected ... MUST be silently discarded."

  Don't silent discards prevent administrators from identifying
  adj failures, unsuccessful security probing, non-synchronized
  key rollovers, etc.?

6) If an implementation does not support confidentiality
   and conforms to this specification, is the packet discard
   behaviour UNDEFINED?  "implementations ... SHOULD Support... ."

7) 5. Distinguishing OSPFv3 from OSPFv2
  "OSPF version field in the OSPF header cannot be used"

   Then what was the use of this version field? 

    Are you saying that if an implementor pushes OSPFv3 packets
    into an IPv4 domain, then they must be processed as OSPFv2
    pkts??????

    I remember a discussion of pushing OSPFv2 into the IPv6
    domain and/or OSPFv3 into IPv4. What was the result of
    this? Did the result invalidate this section?

 8) "version field in IP header can be used"

     What if an implementation strips the IP header before
     it passes it to OSPF?? Shouldn't they be stripped before
     lower layers are called?

 9) 7. Key Management

    "it is not scalable"   This means that you can't use even
    2 communication channels when different SAs are used for
    inbound and outbound traffic.

    It may be more proper to say that "it does not scale well".

Mitchell Erblich