Re: draft-ietf-ospf-ospfv3-auth-04.txt

Suresh Melam <nagavenkata.melam@NOKIA.COM> Fri, 09 July 2004 18:05 UTC

Received: from cherry.ease.lsoft.com (cherry.ease.lsoft.com [209.119.0.109]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA16382 for <ospf-archive@LISTS.IETF.ORG>; Fri, 9 Jul 2004 14:05:18 -0400 (EDT)
Received: from vms.dc.lsoft.com (209.119.0.2) by cherry.ease.lsoft.com (LSMTP for Digital Unix v1.1b) with SMTP id <18.00E0D5E5@cherry.ease.lsoft.com>; Fri, 9 Jul 2004 14:05:17 -0400
Received: from PEACH.EASE.LSOFT.COM by PEACH.EASE.LSOFT.COM (LISTSERV-TCP/IP release 1.8e) with spool id 25231933 for OSPF@PEACH.EASE.LSOFT.COM; Fri, 9 Jul 2004 14:05:16 -0400
Received: from 131.228.20.22 by WALNUT.EASE.LSOFT.COM (SMTPL release 1.0i) with TCP; Fri, 9 Jul 2004 13:55:16 -0400
Received: from esdks001.ntc.nokia.com (esdks001.ntc.nokia.com [172.21.138.120]) by mgw-x2.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i69HtEA03957 for <OSPF@PEACH.EASE.LSOFT.COM>; Fri, 9 Jul 2004 20:55:14 +0300 (EET DST)
X-Scanned: Fri, 9 Jul 2004 20:54:49 +0300 Nokia Message Protector V1.3.31 2004060815 - RELEASE
Received: (from root@localhost) by esdks001.ntc.nokia.com (8.12.9/8.12.9) id i69Hsnpo001856 for <OSPF@PEACH.EASE.LSOFT.COM>; Fri, 9 Jul 2004 20:54:49 +0300
Received: from mgw-int2.ntc.nokia.com (172.21.143.97) by esdks001.ntc.nokia.com 00XAxnYe; Fri, 09 Jul 2004 20:54:46 EEST
Received: from daebh001.NOE.Nokia.com (daebh001.americas.nokia.com [10.241.35.121]) by mgw-int2.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i69Hsfu20100 for <OSPF@PEACH.EASE.LSOFT.COM>; Fri, 9 Jul 2004 20:54:41 +0300 (EET DST)
Received: from mvebe001.NOE.Nokia.com ([172.18.140.37]) by daebh001.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Fri, 9 Jul 2004 12:54:40 -0500
Received: mvebe001.americas.nokia.com 172.18.140.37 from 172.19.90.27 172.19.90.27 via HTTP with MS-WebStorage 6.0.6249
Received: from mvwsipd90027 by mvebe001.americas.nokia.com; 09 Jul 2004 10:52:07 -0700
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.5 (1.4.5-1.Linox.1)
X-OriginalArrivalTime: 09 Jul 2004 17:54:40.0502 (UTC) FILETIME=[CECE4960:01C465DD]
Message-ID: <1089395527.853.66.camel@mvwsipd90027>
Date: Fri, 9 Jul 2004 10:52:07 -0700
Reply-To: Mailing List <OSPF@PEACH.EASE.LSOFT.COM>
Sender: Mailing List <OSPF@PEACH.EASE.LSOFT.COM>
From: Suresh Melam <nagavenkata.melam@NOKIA.COM>
Subject: Re: draft-ietf-ospf-ospfv3-auth-04.txt
To: OSPF@PEACH.EASE.LSOFT.COM
Precedence: list
Content-Transfer-Encoding: 7bit

Hi Abhay/Vishwas,

comments inline,

thanks,
-suresh (Nagavenkata Suresh Melam)


>> Hi Vishwas,
>>
>> Thanks for the comments.  Please see my comments inline..
>>
>> > 1. I am not sure we should have a statement which says OSPFv3
>> > is only for IPv6.
>> > "As OSPFv2 is only for IPv4 and OSPFv3 is only for IPv6,
>> > the distinction between the packets can be easily made by
>> > IP version. "
>>
>> Do you have a replacement statement that you would prefer ?
>> As the IP protocol type value for OSPF and OSPFv3 is same,
>> we have to depend upon the IP version to separate OSPF and
>> OSPFv3 packets.
>
>Just FYI, we can run OSPFv3 using IPv4 transport (see section 9 of
>draft-mirtorabi-ospfv3-af-alt-01.txt). In which case the demux
>will be based on OSPF protocol version.
>

IPsec selectors are not usually any deeper than protocol field of
IP header and port numbers of UDP/TCP transport protocol. Thus, OSPF
protocol version cannot be one of the selector.

If OSPFv3 runs on IPv4 transport, there wouldn't be any way
to distinguish OSPFv3 packets from OSPFv2 packets, as both of them
use same protocol value. Thus IPsec security, as mentioned in
"Security considerations" section of RFC2740 and ospfv3-auth draft,
cannot be provided to these packets. Perhaps this should be mentioned
in the "Security Considerations" section of ospfv3-af-alt draft.

>Regards,
>-Roy-