[OSPF] Automated group keying for OSPFv3

Liu Ya <liuya@huawei.com> Fri, 20 October 2006 07:36 UTC

Date: Fri, 20 Oct 2006 15:17:29 +0800
From: Liu Ya <liuya@huawei.com>
To: ospf@ietf.org

Hi all,

RFC4552 provides authentication/confidentiality to OSPFv3 using
AH/ESP. Manual keying is recommended as the default keying method. That
method is not scalable. Script configuration tools can improve that
problem. However, they must be used together with additional secure
mechanisms (e.g. IPsec encryption tunnels) to prevent passing
plaintext keys from the configuration server to devices. Furthermore,
manual intervention cannot be completely avoided in such cases as
router crashing and rebooting, route flapping, etc.

Therefore, an automated, scalable and secure group keying method is
necessary for OSPFv3. Standard group key management protocols have
been defined by the MSEC WG. They can be used here to serve the group
keying purpose.

Comments are welcome.

Regards,
Liu Ya


