Re: draft-ietf-ospf-ospfv3-auth-04.txt

Vishwas Manral <Vishwas@SINETT.COM> Tue, 13 July 2004 14:12 UTC

Message-ID: <BB6D74C75CC76A419B6D6FA7C38317B22E8375@sinett-sbs.SiNett.LAN>
Date: Tue, 13 Jul 2004 07:15:24 -0700
Reply-To: Mailing List <OSPF@PEACH.EASE.LSOFT.COM>
Sender: Mailing List <OSPF@PEACH.EASE.LSOFT.COM>
From: Vishwas Manral <Vishwas@SINETT.COM>
Subject: Re: draft-ietf-ospf-ospfv3-auth-04.txt
To: OSPF@PEACH.EASE.LSOFT.COM

Hi Abhay,

I agree that could be made clearer in Section 7.

Also, in keeping with the OSPFv3 RFC, the term link should be used instead of interface in a few cases in the draft.

Thanks,
Vishwas

-----Original Message-----
From: Mailing List [mailto:OSPF@PEACH.EASE.LSOFT.COM] On Behalf Of Abhay Roy
Sent: Monday, July 12, 2004 1:44 AM
To: OSPF@PEACH.EASE.LSOFT.COM
Subject: Re: draft-ietf-ospf-ospfv3-auth-04.txt


Suresh,

I am afraid we need to have the IPsec selector go deeper. Otherwise
we can't allow different OSPFv3 Instance IDs to use different
IPsec security associations (SAs).

I noticed that draft-ietf-ospf-ospfv3-auth doesn't talk about the
possibility of running multiple instances per link, and its
interaction/implications with IPsec SAs. We should address that.

Regards,
-Roy-

On 07/09/04-0700 at 10:52am, Suresh Melam writes:

> Hi Abhay/Vishwas,
>
> comments inline,
>
> thanks,
> -suresh (Nagavenkata Suresh Melam)
>
>
> >> Hi Vishwas,
> >>
> >> Thanks for the comments.  Please see my comments inline..
> >>
> >> > 1. I am not sure we should have a statement which says OSPFv3
> >> > is only for IPv6.
> >> > "As OSPFv2 is only for IPv4 and OSPFv3 is only for IPv6,
> >> > the distinction between the packets can be easily made by
> >> > IP version. "
> >>
> >> Do you have a replacement statement that you would prefer ?
> >> As the IP protocol type value for OSPF and OSPFv3 is the same,
> >> we have to depend upon the IP version to separate OSPF and
> >> OSPFv3 packets.
> >
> >Just FYI, we can run OSPFv3 using IPv4 transport (see section 9 of
> >draft-mirtorabi-ospfv3-af-alt-01.txt), in which case the demux
> >will be based on the OSPF protocol version.
> >
>
> IPsec selectors are not usually any deeper than the protocol field of
> the IP header and the port numbers of the UDP/TCP transport protocol.
> Thus, the OSPF protocol version cannot be one of the selectors.
>
> If OSPFv3 runs on IPv4 transport, there wouldn't be any way
> to distinguish OSPFv3 packets from OSPFv2 packets, as both of them
> use the same protocol value. Thus IPsec security, as mentioned in
> the "Security considerations" section of RFC2740 and the ospfv3-auth
> draft, cannot be provided to these packets. Perhaps this should be
> mentioned in the "Security Considerations" section of the ospfv3-af-alt draft.
>
> >Regards,
> >-Roy-
>
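An added example illustrating the two points in the thread above (it is not code from the draft or from any participant): an IPsec selector sees only the IP addresses, the IP protocol field and, for TCP/UDP, the ports, so an OSPFv2 packet, an OSPFv3-over-IPv4 packet and OSPFv3 packets with different Instance IDs all map to the same selector, while only the OSPF header itself tells them apart. Header layouts follow RFC 2328 (OSPFv2) and RFC 2740 (OSPFv3); the packets, addresses and router ID are constructed for the demonstration and checksums are left at zero.

```python
import struct
from dataclasses import dataclass

OSPF_PROTO = 89  # IP protocol number shared by OSPFv2 and OSPFv3

@dataclass(frozen=True)
class Selector:
    """What an IPsec SPD entry can match on: addresses, next protocol, ports."""
    src: str
    dst: str
    proto: int
    ports: tuple  # (src, dst) only for TCP/UDP; empty for OSPF and other protocols

def ipsec_selector(pkt: bytes) -> Selector:
    """Derive the selector from an IPv4 packet; nothing past the IP header is inspected."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    ports = struct.unpack("!HH", pkt[ihl:ihl + 4]) if proto in (6, 17) else ()
    return Selector(src, dst, proto, ports)

def ospf_demux(pkt: bytes) -> dict:
    """Read the OSPF header fields that distinguish the flows (invisible to IPsec)."""
    ospf = pkt[(pkt[0] & 0x0F) * 4:]
    info = {"version": ospf[0], "type": ospf[1]}
    if info["version"] == 3:
        info["instance_id"] = ospf[14]  # OSPFv3 header octet 14 (RFC 2740)
    return info

def build_ipv4(src: str, dst: str, payload: bytes) -> bytes:
    src_b, dst_b = (bytes(map(int, a.split("."))) for a in (src, dst))
    # constructed IPv4 header: ver/IHL, TOS, total length, ID, flags/frag, TTL, proto, csum
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 1,
                      OSPF_PROTO, 0, src_b, dst_b)
    return hdr + payload

def ospfv2_header(router_id: bytes, area_id: bytes) -> bytes:
    # version, type (1 = Hello), length, router ID, area ID, checksum, AuType, auth data
    return struct.pack("!BBH4s4sHH8s", 2, 1, 24, router_id, area_id, 0, 0, bytes(8))

def ospfv3_header(router_id: bytes, area_id: bytes, instance_id: int) -> bytes:
    # version, type, length, router ID, area ID, checksum, instance ID, reserved
    return struct.pack("!BBH4s4sHBB", 3, 1, 16, router_id, area_id, 0, instance_id, 0)

def compare_flows() -> list:
    """Constructed OSPFv2, OSPFv3 (instance 0) and OSPFv3 (instance 7) packets on one link."""
    rid, area = bytes([10, 0, 0, 1]), bytes(4)
    pkts = [build_ipv4("10.0.0.1", "224.0.0.5", p) for p in (
        ospfv2_header(rid, area), ospfv3_header(rid, area, 0), ospfv3_header(rid, area, 7))]
    return [(ipsec_selector(p), ospf_demux(p)) for p in pkts]
```

Running `compare_flows()` yields one identical `Selector` for all three packets, so a per-flow SA policy keyed on selectors cannot separate them, whereas `ospf_demux` reports versions 2, 3, 3 and Instance IDs 0 and 7.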