Re: [OSPF] Revised OSPF HMAC SHA Authentication Draft
Michael J Barnes <mjbarnes@cisco.com> Tue, 22 August 2006 19:32 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GFbzK-00051e-Qz; Tue, 22 Aug 2006 15:32:38 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GFbzK-00051Z-Hv for ospf@ietf.org; Tue, 22 Aug 2006 15:32:38 -0400
Received: from sj-iport-1-in.cisco.com ([171.71.176.70] helo=sj-iport-1.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GFbzH-0003QG-8g for ospf@ietf.org; Tue, 22 Aug 2006 15:32:38 -0400
Received: from sjc-vpn6-661.cisco.com (HELO cisco.com) ([10.21.122.149]) by sj-iport-1.cisco.com with ESMTP; 22 Aug 2006 12:32:34 -0700
Message-ID: <44EB5BD1.2000107@cisco.com>
Date: Tue, 22 Aug 2006 12:32:33 -0700
From: Michael J Barnes <mjbarnes@cisco.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Manav Bhatia <manav_bhatia06@yahoo.co.uk>
Subject: Re: [OSPF] Revised OSPF HMAC SHA Authentication Draft
References: <20060821142220.63912.qmail@web25406.mail.ukl.yahoo.com>
In-Reply-To: <20060821142220.63912.qmail@web25406.mail.ukl.yahoo.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: c1c65599517f9ac32519d043c37c5336
Cc: ospf@ietf.org
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/ospf>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
Errors-To: ospf-bounces@ietf.org
Hello Manav, Manav Bhatia wrote: > Hi Tom, > > [..] >> >>The poll should be on whether we should proceed as-is in the draft or >>should we use a new type field for each new authentication scheme that >>we come out with? > > > We dont need to use a new auth type value for each new authentication > scheme that comes up in the future. > > One can define a new generic auth type 3, which would carry the > authentication algorithm details in addition to the Key ID, auth data > length and the crypto sequence number. The authentication data for type > auth type 3 would be the same as type 2, except that the reserved bytes > would get replaced with the authentication algorithm ID. A concern I have with this is that when a new authentication algorithm is devised we would have to have to wait for a new OSPF RFC to specify the Authentication Algorithm ID before we could implement the algorithm. Generally, I don't think a new OSPF RFC should be required just to make use of a new algorithm. Looking at IPsec, it also does not include a field which indicates which algorithm is used. The IPsec SPI is equivalent to the Key ID we use in OSPF. We are defining an SA similarly to IPsec, which . As in IPsec, the SA indicates which algorithm and key are used. So this draft is in keeping with how IPsec operates. I think it makes sense for OSPF to follow the lead of IPsec in this regard. My $.02 Thanks, Michael > However, i dont think this is required. > > Cheers, > Manav > > _______________________________________________ OSPF mailing list OSPF@ietf.org https://www1.ietf.org/mailman/listinfo/ospf
- [OSPF] Revised OSPF HMAC SHA Authentication Draft Vishwas Manral
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Erblichs
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Manav Bhatia
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Erblichs
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Manav Bhatia
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Phil Cowburn
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Acee Lindem
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Phil Cowburn
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… tom.petch
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Tom Sanders
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Manav Bhatia
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Tom Sanders
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Michael J Barnes
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Acee Lindem
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Russ White
- RE: [OSPF] Revised OSPF HMAC SHA Authentication D… sujay
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Manav Bhatia
- RE: [OSPF] Revised OSPF HMAC SHA Authentication D… Manav Bhatia
- RE: [OSPF] Revised OSPF HMAC SHA Authentication D… sujay
- RE: [OSPF] Revised OSPF HMAC SHA Authentication D… sujay
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Dave Katz
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Paul Jakma
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Vishwas Manral
- RE: [OSPF] Revised OSPF HMAC SHA Authentication D… sujay
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Vishwas Manral
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Erblichs
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Vishwas Manral
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Tom Sanders
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Tom Sanders
- Re: [OSPF] Revised OSPF HMAC SHA Authentication D… Acee Lindem