[OSPF] FW: New Version Notification - draft-ietf-ospf-security-extension-manual-keying-11.txt

"Acee Lindem (acee)" <acee@cisco.com> Mon, 10 November 2014 20:41 UTC

Return-Path: <acee@cisco.com>
X-Original-To: ospf@ietfa.amsl.com
Delivered-To: ospf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id F1BA31ACE3E for <ospf@ietfa.amsl.com>; Mon, 10 Nov 2014 12:41:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.095
X-Spam-Status: No, score=-15.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.594, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id nw5sOVjpWy_s for <ospf@ietfa.amsl.com>; Mon, 10 Nov 2014 12:41:34 -0800 (PST)
Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45FC91A70FF for <ospf@ietf.org>; Mon, 10 Nov 2014 12:41:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2432; q=dns/txt; s=iport; t=1415652094; x=1416861694; h=from:to:subject:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=tTCFnSdB2i8EHu/V0HJKczNeA6gMtoCV+jcVJW7KuB4=; b=cVzMTbYnqLw4yaFgvkm6EJ9z0aoRmxv3ZR7lGBIkTivP1i2KkeqFiNXF FCIDa2bnJA2eUc2lZrsPDKb2jlWUthGcf5+/jBszEkPs8jdYKoQkfXmx3 5lsuhGczeTAAYMosSlkrFliuRlgqy/3SRjA23szL1KqJ/uPBwrfWe6Ybm w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.07,354,1413244800"; d="scan'208";a="95258883"
Received: from rcdn-core-3.cisco.com ([]) by alln-iport-5.cisco.com with ESMTP; 10 Nov 2014 20:41:33 +0000
Received: from xhc-aln-x15.cisco.com (xhc-aln-x15.cisco.com []) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id sAAKfX15022293 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <ospf@ietf.org>; Mon, 10 Nov 2014 20:41:33 GMT
Received: from xmb-aln-x06.cisco.com ([]) by xhc-aln-x15.cisco.com ([]) with mapi id 14.03.0195.001; Mon, 10 Nov 2014 14:41:33 -0600
From: "Acee Lindem (acee)" <acee@cisco.com>
To: OSPF WG List <ospf@ietf.org>
Thread-Topic: New Version Notification - draft-ietf-ospf-security-extension-manual-keying-11.txt
Thread-Index: AQHP/SY2pZ+suXz5A0mq2JcSJwauxpxaEBCA
Date: Mon, 10 Nov 2014 20:41:32 +0000
Message-ID: <D0864626.7B79%acee@cisco.com>
References: <20141110202726.17718.33086.idtracker@ietfa.amsl.com> <D0864528.7B6D%acee@cisco.com>
In-Reply-To: <D0864528.7B6D%acee@cisco.com>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="euc-kr"
Content-ID: <BB6E80E8637492488786C6DFC1766D83@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/ospf/uPjLulnRXVE1P4VFG3B8h_sFSBo
Subject: [OSPF] FW: New Version Notification - draft-ietf-ospf-security-extension-manual-keying-11.txt
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ospf/>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Nov 2014 20:41:36 -0000

Note that this version includes the clarification of Apad initialization:

     OSPF routers sending OSPF packets must initialize the first 4 octets
     of Apad to the value of the IP source address that would be used when
     sending the OSPFv2 packet.  The remainder of Apad will contain the
     value 0x878FE1F3 repeated (L - 4)/4 times, where L is the length of
     the hash, measured in octets.  The basic idea is to incorporate the
     IP source address from the IP header in the cryptographic
     authentication computation so that any change of IP source address in
     a replayed packet can be detected.


On 11/10/14, 10:37 AM, "Acee Lindem (acee)" <acee@cisco.com>; wrote:

>I believe this version satisfies both Adrian¹s and Suresh¹s comments made
>during the IESG and GENART review. It also includes a editorial correction
>from Alissa Cooper.
>On 11/10/14, 10:27 AM, "internet-drafts@ietf.org";
><internet-drafts@ietf.org>; wrote:
>>A new version (-11) has been submitted for
>>Sub state has been changed to AD Followup from Revised ID Needed
>>The IETF datatracker page for this Internet-Draft is:
>>Diff from previous version:
>>Please note that it may take a couple of minutes from the time of
>>until the htmlized version and diff are available at tools.ietf.org.
>>IETF Secretariat.