Re: [OSPF] Revised OSPF HMAC SHA Authentication Draft

Michael J Barnes <mjbarnes@cisco.com> Tue, 22 August 2006 19:32 UTC

Message-ID: <44EB5BD1.2000107@cisco.com>
Date: Tue, 22 Aug 2006 12:32:33 -0700
From: Michael J Barnes <mjbarnes@cisco.com>
To: Manav Bhatia <manav_bhatia06@yahoo.co.uk>
Subject: Re: [OSPF] Revised OSPF HMAC SHA Authentication Draft
References: <20060821142220.63912.qmail@web25406.mail.ukl.yahoo.com>
In-Reply-To: <20060821142220.63912.qmail@web25406.mail.ukl.yahoo.com>
Cc: ospf@ietf.org

Hello Manav,

Manav Bhatia wrote:
> Hi Tom,
>  
> [..] 
>>
>>The poll should be on whether we should proceed as-is in the draft or
>>should we use a new type field for each new authentication scheme that
>>we come out with?
> 
>  
> We don't need to use a new auth type value for each new authentication
> scheme that comes up in the future.
>  
> One can define a new generic auth type 3, which would carry the
> authentication algorithm details in addition to the Key ID, auth data
> length and the crypto sequence number. The authentication data for
> auth type 3 would be the same as type 2, except that the reserved bytes
> would get replaced with the authentication algorithm ID.

A concern I have with this is that when a new authentication algorithm is 
devised we would have to wait for a new OSPF RFC to specify the 
Authentication Algorithm ID before we could implement the algorithm. 
Generally, I don't think a new OSPF RFC should be required just to make 
use of a new algorithm.

Looking at IPsec, it also does not include a field which indicates which 
algorithm is used. The IPsec SPI is equivalent to the Key ID we use in 
OSPF. We are defining an SA similarly to IPsec, which . As in IPsec, the 
SA indicates which algorithm and key are used. So this draft is in keeping 
with how IPsec operates. I think it makes sense for OSPF to follow the 
lead of IPsec in this regard.

My $.02

Thanks,
Michael

> However, I don't think this is required.
>  
> Cheers,
> Manav

_______________________________________________
OSPF mailing list
OSPF@ietf.org
https://www1.ietf.org/mailman/listinfo/ospf
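The following is an added illustration of the two designs debated in this message; it is not code from the thread, the draft, or any OSPF implementation. It parses the 8-byte OSPFv2 authentication field (RFC 2328 Appendix D layout: reserved, Key ID, auth data length, cryptographic sequence number) and shows a receiver resolving the algorithm either from a Key ID-indexed security association alone (the IPsec-style approach Michael argues for) or from a hypothetical "auth type 3" whose reserved bytes carry an algorithm ID, which then has to be cross-checked against the SA. The SA table, the algorithm-ID registry, the AuType value 3 and the packet contents are constructed for the example, and the digest is a plain HMAC over header plus body rather than the draft's exact input.

```python
import hmac
import hashlib
import struct

# Constructed security-association table, indexed by the Key ID carried in the
# OSPFv2 authentication field. In the "follow IPsec" design, this lookup alone
# decides both the algorithm and the key; adding an algorithm means adding an
# SA entry, not a new on-the-wire code point.
SA_TABLE = {
    1: ("md5", b"constructed-legacy-md5-key"),
    2: ("sha256", b"constructed-sha256-key"),
}
HASHES = {"md5": hashlib.md5, "sha1": hashlib.sha1, "sha256": hashlib.sha256}

AUTH_CRYPTO = 2   # RFC 2328 cryptographic authentication
AUTH_TYPE3 = 3    # hypothetical value for the quoted "generic auth type 3" proposal
# Hypothetical algorithm-ID registry the Type 3 proposal would need; in that
# design the two reserved bytes of the auth field carry one of these IDs.
ALGO_ID = {1: "md5", 2: "sha1", 3: "sha256"}

OSPF_HDR = "!BBHIIHH"   # version, type, length, router ID, area ID, checksum, AuType
AUTH_FIELD = "!HBBI"    # reserved/algo ID, Key ID, auth data length, crypto seq number


def parse_auth_field(auth_type, field):
    """Split the 8-byte authentication field (RFC 2328 Appendix D layout)."""
    reserved, key_id, auth_len, seq = struct.unpack(AUTH_FIELD, field)
    parsed = {"key_id": key_id, "auth_len": auth_len, "seq": seq}
    if auth_type == AUTH_CRYPTO:
        return parsed
    if auth_type == AUTH_TYPE3:
        parsed["algo_id"] = reserved
        return parsed
    raise ValueError("unsupported AuType %d" % auth_type)


def select_algorithm(auth_type, parsed):
    """Resolve algorithm and key. Type 2: the SA decides. Type 3: the packet also
    names the algorithm, so the receiver must check it agrees with the SA."""
    algo, key = SA_TABLE[parsed["key_id"]]
    if auth_type == AUTH_TYPE3 and ALGO_ID.get(parsed["algo_id"]) != algo:
        raise ValueError("algorithm ID disagrees with SA for Key ID %d" % parsed["key_id"])
    return algo, key


def compute_digest(algo, key, packet):
    # Simplified: plain HMAC over header+body. The draft defines the exact input;
    # the point here is only that algorithm and key come from the SA.
    return hmac.new(key, packet, HASHES[algo]).digest()


def build_packet(auth_type, key_id, seq, body, algo_id=0):
    """Constructed OSPFv2 packet: header, auth field, body, then the digest trailer."""
    algo, key = SA_TABLE[key_id]
    digest_len = HASHES[algo]().digest_size
    reserved = algo_id if auth_type == AUTH_TYPE3 else 0
    auth_field = struct.pack(AUTH_FIELD, reserved, key_id, digest_len, seq)
    length = 24 + len(body)              # OSPF length excludes the trailing digest
    header = struct.pack(OSPF_HDR, 2, 1, length, 0x0A000001, 0, 0, auth_type)
    packet = header + auth_field + body
    return packet + compute_digest(algo, key, packet)


def verify_packet(wire, last_seq):
    """True if the trailer matches and the sequence number does not go backwards."""
    _ver, _ptype, length, _rid, _aid, _csum, auth_type = struct.unpack(OSPF_HDR, wire[:16])
    parsed = parse_auth_field(auth_type, wire[16:24])
    algo, key = select_algorithm(auth_type, parsed)
    packet, trailer = wire[:length], wire[length:]
    if len(trailer) != parsed["auth_len"]:
        return False
    if parsed["seq"] < last_seq:         # RFC 2328 D.3: sequence must be non-decreasing
        return False
    return hmac.compare_digest(compute_digest(algo, key, packet), trailer)


if __name__ == "__main__":
    hello = build_packet(AUTH_CRYPTO, 2, seq=10, body=b"\x00" * 16)
    print("type 2, SA-selected SHA-256:", verify_packet(hello, last_seq=0))
    hello3 = build_packet(AUTH_TYPE3, 2, seq=10, body=b"", algo_id=3)
    print("type 3 with matching algorithm ID:", verify_packet(hello3, last_seq=0))
```

Switching Key ID 2 from SHA-256 to another hash in the Type 2 path changes nothing on the wire except the trailer length, which is exactly the property the message argues for; in the Type 3 path the same change also requires a registry entry in `ALGO_ID` and a consistency check, which is the extra coordination a new RFC would have to supply.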