Re: [OSPF] OSPF HMAC Cryptographic Authentication

"Vishwas Manral" <vishwas.ietf@gmail.com> Mon, 17 July 2006 16:25 UTC

Message-ID: <77ead0ec0607170924g3d226f97m25f8f016a36ba001@mail.gmail.com>
Date: Mon, 17 Jul 2006 21:54:59 +0530
From: Vishwas Manral <vishwas.ietf@gmail.com>
To: Rohit Gupta <rohitgupta416@indiatimes.com>
Subject: Re: [OSPF] OSPF HMAC Cryptographic Authentication
In-Reply-To: <200607171501.UAA22068@WS0005.indiatimes.com>
Cc: ospf@ietf.org

Hi Rohit,

The authors of the OSPF RFC have done it very intelligently. By
allowing the KeyId field, which is opaque, the value of the KeyId
itself defines a separate security association (channel). It is the
understanding between the two ends that a particular KeyId identifies
a key as well as the cryptographic algorithm used.

That is the reason we do not need any new fields.

Thanks,
Vishwas
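
The Key ID lookup described in the reply above, as an added example that is not part of the original message or of the draft: the receiver reads the Key ID from the OSPFv2 header's authentication field and takes both key and algorithm from its own security-association table. The keys, router ID and table entries are constructed, and the HMAC-SHA-1 path is plain HMAC over the packet bytes (an assumption, not the draft's exact input construction); sequence-number replay checks are left out.

```python
import hashlib
import hmac
import struct

# OSPFv2 header (24 bytes) with the AuType 2 layout of the authentication field:
# version, type, length, router ID, area ID, checksum, AuType, 0, Key ID, auth data len, seq
OSPF_HDR = struct.Struct("!BBH4s4sHHHBBI")
AUTYPE_CRYPTO = 2

def keyed_md5(key, packet):
    # RFC 2328 Appendix D: MD5 over the packet followed by the 16-byte secret
    return hashlib.md5(packet + key.ljust(16, b"\x00")[:16]).digest()

def hmac_sha1(key, packet):
    # Simplified HMAC-SHA-1 over the packet bytes (assumption, see lead-in)
    return hmac.new(key, packet, hashlib.sha1).digest()

# Constructed table: Key ID -> (algorithm name, digest function, digest length, key)
SECURITY_ASSOCIATIONS = {
    1: ("keyed-md5", keyed_md5, 16, b"constructed-md5"),
    2: ("hmac-sha1", hmac_sha1, 20, b"constructed-sha1-key"),
}

def build_packet(key_id, seq, body=b""):
    """Sender side: the Key ID alone tells the peer which SA was used."""
    _, digest_fn, dlen, key = SECURITY_ASSOCIATIONS[key_id]
    length = OSPF_HDR.size + len(body)          # length excludes the digest
    hdr = OSPF_HDR.pack(2, 1, length, bytes([192, 0, 2, 1]), bytes(4),
                        0, AUTYPE_CRYPTO, 0, key_id, dlen, seq)
    packet = hdr + body
    return packet + digest_fn(key, packet)      # digest is appended to the packet

def verify_packet(wire):
    """Receiver side: returns (accepted, reason or algorithm name)."""
    if len(wire) < OSPF_HDR.size:
        return False, "truncated header"
    (_, _, length, _, _, _, autype, _, key_id, dlen, _) = OSPF_HDR.unpack_from(wire)
    if autype != AUTYPE_CRYPTO:
        return False, "not cryptographic authentication"
    sa = SECURITY_ASSOCIATIONS.get(key_id)
    if sa is None:
        return False, "unknown Key ID"
    name, digest_fn, expected_len, key = sa
    # The algorithm comes from the local table, so a digest length that does
    # not match the SA selected by the Key ID is rejected before any hashing.
    if length < OSPF_HDR.size or dlen != expected_len or len(wire) != length + dlen:
        return False, "length mismatch for " + name
    packet, digest = wire[:length], wire[length:]
    return hmac.compare_digest(digest_fn(key, packet), digest), name
```
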

On 7/17/06, Rohit Gupta <rohitgupta416@indiatimes.com> wrote:
> Hi,
>
> I could not see any new field added in the OSPF message. How do you then make out whether the OSPF router is using the HMAC-SHA1 algorithm or MD5 (the normal OSPF authentication algorithm)?
>
> Thanks,
> Rohit
>
> ----- Original Message ----
> From: Manav Bhatia <manav_bhatia06@yahoo.co.uk>
> To: ospf@ietf.org
> Sent: Saturday, 15 July, 2006 5:06:45 AM
> Subject: [OSPF] OSPF HMAC Cryptographic Authentication
>
>
> Hi,
>
> We have just posted a draft that describes a mechanism for authenticating OSPF packets by making use of the HMAC algorithm in conjunction with the SHA family of cryptographic hash functions. It would be great if the WG can provide some feedback and comments on the same.
>
> http://www.ietf.org/internet-drafts/draft-bhatia-manral-white-ospf-hmac-sha-00.txt
>
> Thanks,
> Manav
>
> > ----- Forwarded Message ----
> > From: Internet-Drafts@ietf.org
> > To: i-d-announce@ietf.org
> > Sent: Saturday, July 15, 2006 1:20:01 AM
> > Subject: I-D ACTION:draft-bhatia-manral-white-ospf-hmac-sha-00.txt
> >
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
> > directories.
> >
> >
> >    Title        : OSPF HMAC Cryptographic Authentication
> >    Author(s)    : M. Bhatia, et al.
> >    Filename    : draft-bhatia-manral-white-ospf-hmac-sha-00.txt
> >    Pages        : 10
> >    Date        : 2006-6-14
> >
> >   This document describes a mechanism for authenticating OSPF packets
> >   by making use of the HMAC algorithm in conjunction with the SHA
> >   family of cryptographic hash functions. Because of the way the hash
> >   functions are used in HMAC construction, the collision attacks
> >   currently known against SHA-1 do not apply.
> >
> >   This will be done in addition to the already documented
> >   authentication schemes described in the base specification.
> >
> >
> > A URL for this Internet-Draft is:
> > http://www.ietf.org/internet-drafts/draft-bhatia-manral-white-ospf-hmac-sha-00.txt
> >
>
> _______________________________________________
> OSPF mailing list
> OSPF@ietf.org
> https://www1.ietf.org/mailman/listinfo/ospf
>