Re: [OSPF] [Technical Errata Reported] RFC6506 (3567)
"Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com> Sun, 31 March 2013 05:25 UTC
Return-Path: <manav.bhatia@alcatel-lucent.com>
X-Original-To: ospf@ietfa.amsl.com
Delivered-To: ospf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D95921F86A5 for <ospf@ietfa.amsl.com>; Sat, 30 Mar 2013 22:25:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eTmay5OYM+fl for <ospf@ietfa.amsl.com>; Sat, 30 Mar 2013 22:25:44 -0700 (PDT)
Received: from ihemail4.lucent.com (ihemail4.lucent.com [135.245.0.39]) by ietfa.amsl.com (Postfix) with ESMTP id 02C5021F85F5 for <ospf@ietf.org>; Sat, 30 Mar 2013 22:25:36 -0700 (PDT)
Received: from sg70xusmtp01.zap.alcatel-lucent.com (h135-253-72-129.lucent.com [135.253.72.129]) by ihemail4.lucent.com (8.13.8/IER-o) with ESMTP id r2V5PQdU011363 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Sun, 31 Mar 2013 00:25:28 -0500 (CDT)
Received: from INBANSXCHHUB02.in.alcatel-lucent.com (inbansxchhub02.in.alcatel-lucent.com [135.250.12.35]) by sg70xusmtp01.zap.alcatel-lucent.com (GMO) with ESMTP id r2V5POAp031779 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=FAIL); Sun, 31 Mar 2013 13:25:24 +0800
Received: from INBANSXCHMBSA1.in.alcatel-lucent.com ([135.250.12.56]) by INBANSXCHHUB02.in.alcatel-lucent.com ([135.250.12.35]) with mapi; Sun, 31 Mar 2013 10:55:24 +0530
From: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
To: "vishwas.manral@hp.com" <vishwas.manral@hp.com>, "acee.lindem@ericsson.com" <acee.lindem@ericsson.com>, "stbryant@cisco.com" <stbryant@cisco.com>, "adrian@olddog.co.uk" <adrian@olddog.co.uk>, "akr@cisco.com" <akr@cisco.com>, "acee.lindem@ericsson.com" <acee.lindem@ericsson.com>
Date: Sun, 31 Mar 2013 10:55:21 +0530
Thread-Topic: [Technical Errata Reported] RFC6506 (3567)
Thread-Index: Ac4q5/xtH+FE9F0uT1yiTh5NjXuPXQC5ZgBw
Message-ID: <7C362EEF9C7896468B36C9B79200D8351BCAF79C88@INBANSXCHMBSA1.in.alcatel-lucent.com>
References: <20130327123752.EFE2DB1E002@rfc-editor.org>
In-Reply-To: <20130327123752.EFE2DB1E002@rfc-editor.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.39
Cc: "ospf@ietf.org" <ospf@ietf.org>
Subject: Re: [OSPF] [Technical Errata Reported] RFC6506 (3567)
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ospf>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Mar 2013 05:25:45 -0000
Hi Marek, When constructing the LLS data block it may not always be possible for an implementation to know whether there is authentication being used on a link or not. Sure there are ways for us to figure this out but it may not be a very modular approach (really an implementation specific issue). If you follow rfc 6506 and do as it says then you can always choose NOT to verify the LLS checksum upon reciept and still be compliant to 6506. This way nothing changes - Your original code for LLS still computes the checksum regardless of whether OSPFv3 AT is configured or not. The AT code computes the digest of the packet including the LLS data block. The reciever verifies the AT data block and accepts the packet if it matches with whats carried in the packet. Its now an implementation specific issue whether it wants to verify the LLS checksum or not. Given this I don't think the errata raised is correct - more so, because this isnt really an error in the RFC. Even if we'd discussed this issue when we were writing this RFC we would have left it as an implementation specific behavior at the RX side based on the modularity argument. Based on this argument I would also reject the errata 3568 that has been raised. Cheers, Manav > -----Original Message----- > From: RFC Errata System [mailto:rfc-editor@rfc-editor.org] > Sent: Wednesday, March 27, 2013 6:08 PM > To: Bhatia, Manav (Manav); vishwas.manral@hp.com; > acee.lindem@ericsson.com; stbryant@cisco.com; > adrian@olddog.co.uk; akr@cisco.com; acee.lindem@ericsson.com > Cc: mkarasek@cisco.com; ospf@ietf.org; rfc-editor@rfc-editor.org > Subject: [Technical Errata Reported] RFC6506 (3567) > > The following errata report has been submitted for RFC6506, > "Supporting Authentication Trailer for OSPFv3". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=6506&eid=3567 > > -------------------------------------- > Type: Technical > Reported by: Marek Karasek <mkarasek@cisco.com> > > Section: 2.2 > > Original Text > ------------- > Consistent with OSPFv2 Cryptographic Authentication > [RFC2328], both OSPFv3 header checksum calculation and > verification are omitted when the OSPFv3 authentication > mechanism described in this specification is used. > > Corrected Text > -------------- > OSPFv3 authentication mechanism provides capability to detect > corruption of OSPFv3 packet, which is under non authenticated > operation achieved using OSPFv3 header checksum [RFC 5340] > and LLS data block checksum [RFC 5613]. In spirit of OSPFv2 > Cryptographic Authentication [RFC2328], OSPFv3 header > checksum and LLS Data Block Checksum calculation and > verification are omitted when the OSPFv3 authentication > mechanism described in this specification is used. > > Notes > ----- > RFC does not specify how to work with LLS Data Block > Checksum. Errata suggests omit checksum > calculation/verification in the same way like for OSPFv3 > header checksum. > > Instructions: > ------------- > This errata is currently posted as "Reported". If necessary, > please use "Reply All" to discuss whether it should be > verified or rejected. When a decision is reached, the > verifying party (IESG) can log in to change the status and > edit the report, if necessary. > > -------------------------------------- > RFC6506 (draft-ietf-ospf-auth-trailer-ospfv3-11) > -------------------------------------- > Title : Supporting Authentication Trailer for OSPFv3 > Publication Date : February 2012 > Author(s) : M. Bhatia, V. Manral, A. Lindem > Category : PROPOSED STANDARD > Source : Open Shortest Path First IGP > Area : Routing > Stream : IETF > Verifying Party : IESG >
- [OSPF] [Technical Errata Reported] RFC6506 (3567) RFC Errata System
- Re: [OSPF] [Technical Errata Reported] RFC6506 (3… t.petch
- Re: [OSPF] [Technical Errata Reported] RFC6506 (3… Marek Karasek (mkarasek)
- Re: [OSPF] [Technical Errata Reported] RFC6506 (3… Bhatia, Manav (Manav)
- Re: [OSPF] [Technical Errata Reported] RFC6506 (3… Michael Barnes
- Re: [OSPF] [Technical Errata Reported] RFC6506 (3… Marek Karasek (mkarasek)