Re: [OSPF] Revised OSPF HMAC SHA Authentication Draft

Manav Bhatia <manav_bhatia06@yahoo.co.uk> Fri, 18 August 2006 20:48 UTC

Message-ID: <20060818204824.36930.qmail@web25402.mail.ukl.yahoo.com>
Date: Fri, 18 Aug 2006 20:48:24 +0000
From: Manav Bhatia <manav_bhatia06@yahoo.co.uk>
Subject: Re: [OSPF] Revised OSPF HMAC SHA Authentication Draft
To: Erblichs <erblichs@earthlink.net>, Vishwas Manral <vishwas.ietf@gmail.com>
In-Reply-To: <44E604FE.25C78187@earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: ospf@ietf.org
Reply-To: Manav Bhatia <manav_bhatia06@yahoo.co.uk>

Mitchell,
 
Type 2 in RFC 2328 is not reserved for MD5, but is instead used to denote some sort of Cryptographic Authentication as opposed to NULL authentication and simple password scheme. 
 
Refer to Figure 2 in our draft. It shows the way the authentication data must be filled in the OSPF header if the Authentication Type is set to 2. Cryptographic Authentication (Type 2) as defined in RFC 2328 allows for any auth algorithm to be used without altering the protocol packets. This is done by including the Key ID in the authentication data. Key ID carried in the packet uniquely identifies an OSPF SA and gives the authentication algorithm and the secret key that is used to create the message digest appended to the OSPF packet.
 
If the Key ID maps to a HMAC-SHA algorithm then the HMAC is appended to the OSPF packet instead of the MD5 digest.
 
Cheers,
Manav
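
The Type 2 trailer Manav describes, as an added illustration that is not code from the draft or from RFC 2328: the receiver reads the Key ID out of the 8-byte authentication field, looks up the security association it names (algorithm plus secret), recomputes the digest and compares it against the bytes appended after the OSPF packet length. The SA table, keys and sample body are constructed values; the MD5 branch follows the RFC 2328 Appendix D form (16-byte key appended to the packet), while the HMAC branch uses a generic RFC 2104 HMAC over the packet and does not reproduce the draft's exact input formatting, which is an assumption made here for brevity.

```python
import hashlib
import hmac
import struct

AUTH_TYPE_CRYPTO = 2          # RFC 2328 AuType for cryptographic authentication
HEADER_LEN = 24               # 16-byte fixed header + 8-byte authentication field

# Constructed security-association table keyed by the 8-bit Key ID. The Key ID
# is the only thing that travels in the packet; algorithm and secret are local.
SA_TABLE = {
    1: {"alg": "md5", "key": b"md5-secret"},
    2: {"alg": "hmac-sha256", "key": b"hmac-secret-example"},
}
DIGEST_LEN = {"md5": 16, "hmac-sha256": 32}


def compute_digest(sa, packet):
    """Authentication data for `packet` under security association `sa`."""
    if sa["alg"] == "md5":
        # RFC 2328 Appendix D: MD5 over the packet with the 16-byte key appended.
        key = sa["key"].ljust(16, b"\x00")[:16]
        return hashlib.md5(packet + key).digest()
    if sa["alg"] == "hmac-sha256":
        # Generic HMAC keyed with the SA secret (assumed simplification, see lead-in).
        return hmac.new(sa["key"], packet, hashlib.sha256).digest()
    raise ValueError("unknown algorithm %r" % sa["alg"])


def sign_packet(body, key_id, seq, router_id=0x0A000001, area_id=0):
    """Build an OSPFv2 packet with AuType 2 and append the digest."""
    sa = SA_TABLE[key_id]
    auth_len = DIGEST_LEN[sa["alg"]]
    length = HEADER_LEN + len(body)          # packet length excludes the digest
    # Authentication field for Type 2: zero(16) | Key ID(8) | Auth Data Len(8) | Crypto Seq(32)
    auth_field = struct.pack("!HBBI", 0, key_id, auth_len, seq)
    # version, type, length, router id, area id, checksum (0 for AuType 2), AuType
    header = struct.pack("!BBHIIHH", 2, 1, length, router_id, area_id, 0,
                         AUTH_TYPE_CRYPTO) + auth_field
    packet = header + body
    return packet + compute_digest(sa, packet)


def verify_packet(wire):
    """Return True only if the Key ID names a known SA and the digest matches."""
    if len(wire) < HEADER_LEN:
        return False
    _ver, _type, length, _rid, _aid, _csum, autype = struct.unpack("!BBHIIHH", wire[:16])
    if autype != AUTH_TYPE_CRYPTO:
        return False
    _zero, key_id, auth_len, _seq = struct.unpack("!HBBI", wire[16:24])
    sa = SA_TABLE.get(key_id)
    if sa is None or auth_len != DIGEST_LEN[sa["alg"]]:
        return False
    if len(wire) != length + auth_len:
        return False
    packet, received = wire[:length], wire[length:]
    # Constant-time comparison so a forger learns nothing from timing.
    return hmac.compare_digest(compute_digest(sa, packet), received)


if __name__ == "__main__":
    body = b"\x00" * 20                      # constructed placeholder Hello body
    print("md5 ok:", verify_packet(sign_packet(body, 1, 7)))
    print("hmac ok:", verify_packet(sign_packet(body, 2, 7)))
```

Selecting HMAC-SHA versus MD5 changes only the Auth Data Length and the bytes after the packet, which is the point Manav makes: the OSPF header itself is untouched, so a router that knows Key ID 2 as an HMAC-SHA association verifies it, and one that only knows MD5 associations simply rejects the unknown Key ID.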

----- Original Message ----
From: Erblichs <erblichs@earthlink.net>
To: Vishwas Manral <vishwas.ietf@gmail.com>
Cc: ospf@ietf.org; Manav Bhatia <manav@riverstonenet.com>
Sent: Friday, 18 August, 2006 11:50:46 PM
Subject: Re: [OSPF] Revised OSPF HMAC SHA Authentication Draft


Vishwas Manral, et al,

    RFC 2328 specifically specifies "message digest" in section D3.

    I am not an expert in this field, but wouldn't a section
    why Type 2 shouldn't then be reserved for MD5?

    It should ALSO be a simple argument that any type 2 before now
     was using MD5. Thus it is a de facto standard for the type.

    And then an additional type be allocated for HMAC-SHA auth.

    Mitchell Erblich
    ----------------

Vishwas Manral wrote:
> 
> Hi,
> 
> We have updated the OSPF HMAC-SHA authentication draft with the comments
> that we received on the list and offline.
> 
> The updated version has a short section which discusses backwards
> compatibility, similarities and differences from using MD5 (which is
> explained in Section 5 of 2328), etc.
> 
> http://www.ietf.org/internet-drafts/draft-bhatia-manral-white-ospf-hmac-sha-02.txt
> 
> Please let us know if there are further modifications desired.
> 
> Cheers,
> Manav, Vishwas, et al.
> 
> ----- Original Message -----
> From: <Internet-Drafts@ietf.org>
> To: <i-d-announce@ietf.org>
> Sent: Friday, August 18, 2006 1:20 AM
> Subject: I-D ACTION:draft-bhatia-manral-white-ospf-hmac-sha-02.txt
> 
> > > A New Internet-Draft is available from the on-line Internet-Drafts
> > > directories.
> > >
> > >
> > > Title : OSPF HMAC Cryptographic Authentication
> > > Author(s) : M. Bhatia, et al.
> > > Filename : draft-bhatia-manral-white-ospf-hmac-sha-02.txt
> > > Pages : 11
> > > Date : 2006-8-17
> > >
> > > This document describes a mechanism for authenticating OSPF packets
> > >   by making use of the HMAC algorithm in conjunction with the SHA
> > >   family of cryptographic hash functions. Because of the way the hash
> > >   functions are used in HMAC construction, the collision attacks
> > >   currently known against SHA-1 do not apply.
> > >
> > >   This will be done in addition to the already documented
> > >   authentication schemes described in the base specification.
> > >
> > > A URL for this Internet-Draft is:
> > >
> > > http://www.ietf.org/internet-drafts/draft-bhatia-manral-white-ospf-hmac-sha-02.txt
> > >
> > > To remove yourself from the I-D Announcement list, send a message to
> > > i-d-announce-request@ietf.org with the word unsubscribe in the body of
> > > the message.
> > > You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce
> > > to change your subscription settings.
> > >
> > > Internet-Drafts are also available by anonymous FTP. Login with the
> > > username "anonymous" and a password of your e-mail address. After
> > > logging in, type "cd internet-drafts" and then
> > > "get draft-bhatia-manral-white-ospf-hmac-sha-02.txt".
> 
> _______________________________________________
> OSPF mailing list
> OSPF@ietf.org
> https://www1.ietf.org/mailman/listinfo/ospf

_______________________________________________
OSPF mailing list
OSPF@ietf.org
https://www1.ietf.org/mailman/listinfo/ospf