Re: [OSPF] WG Last Call for Supporting Authentication Trailer for OSPFv3 - draft-ietf-ospf-auth-trai

"Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com> Wed, 13 April 2011 15:56 UTC

From: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
To: Acee Lindem <acee.lindem@ericsson.com>
Date: Wed, 13 Apr 2011 21:26:20 +0530
Cc: "ospf@ietf.org" <ospf@ietf.org>

Hi Acee,

I am ok with adding the sequence number strictly increasing in the AT draft. What I was opposing was to include the nonce or the 64 bit auth sequence space that has been proposed for OSPFv2.

Cheers, Manav

> -----Original Message-----
> From: Acee Lindem [mailto:acee.lindem@ericsson.com] 
> Sent: Wednesday, April 13, 2011 8.32 PM
> To: Bhatia, Manav (Manav)
> Cc: Vishwas Manral; Michael Barnes; ospf@ietf.org
> Subject: Re: [OSPF] WG Last Call for Supporting 
> Authentication Trailer for OSPFv3 - draft-ietf-ospf-auth-trai
> 
> Hi Manav,
> 
> OTOH, we could add the strictly increasing 64 bit sequence 
> number to OSPFv3 Auth Trailer draft without too much trouble. 
> Even though it might not end up to be exactly what is used 
> for the OSPFv2 draft, it seems there is a requirement to do 
> something better than is done today. Right now, the OSPFv2 IP 
> layer security draft still has all the nonce stuff in it. 
> The 64 sequence was primarily a product of the E-mail thread 
> between you, Sam, and myself.
> 
> Thanks,
> Acee
> 
> On Apr 12, 2011, at 4:41 PM, Bhatia, Manav (Manav) wrote:
> 
> Hi Vishwas,
> 
> As I have explained earlier, AT is a complete solution and 
> none of the current proposals in KARP (nonce ID, boot count, 
> etc) will be invalidating it. AT provides the basic 
> infrastructure over which other these will get built. The two 
> are thus not comparable.
> 
> Cheers, Manav
> 
> ________________________________
> From: Vishwas Manral [mailto:vishwas.ietf@gmail.com]
> Sent: Tuesday, April 12, 2011 10.32 PM
> To: Michael Barnes
> Cc: Bhatia, Manav (Manav); curtis@occnc.com; Abhay Roy; ospf@ietf.org
> Subject: Re: [OSPF] WG Last Call for Supporting 
> Authentication Trailer for OSPFv3 - draft-ietf-ospf-auth-trai
> 
> Hi Manav/ Mike,
> 
> Though it is ok to have another draft invalidate this one 
> after some time. It would be a challenge to get 
> implementations to change as fast (if at all).
> 
> In my view if the current solution is deemed incomplete, we 
> can correct the current solution.
> 
> Thanks,
> Vishwas
> On Mon, Apr 11, 2011 at 10:27 PM, Michael Barnes <michael_barnes@usa.net> wrote:
> Hello Manav,
> 
> ------ Original Message ------
> Received: Mon, 11 Apr 2011 10:05:36 PM PDT
> From: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
> To: Michael Barnes <michael_barnes@usa.net>, "curtis@occnc.com" <curtis@occnc.com>, Abhay Roy <akr@cisco.com>
> Cc: "ospf@ietf.org" <ospf@ietf.org>
> Subject: RE: [OSPF] WG Last Call for Supporting Authentication Trailer for OSPFv3 - draft-ietf-ospf-auth-trai
> 
> > Hi Michael,
> >
> > > > right direction and would not have to be revisited quite as soon if
> > > > something more robust were proposed.
> > > >
> > > > Bottom line.  Falls short of what I'd like to see but no objection.
> > > >
> > > > Curtis
> > >
> > > I agree with Curtis. I'd really like to see the first version of this spec at
> > > least have the extended sequence number as is being discussed for v2.
> >
> > I disagree that AT should have a 64 bit sequence space in the base
> > specification primarily because we are not yet sure if the KARP boot count
> > approach is what the WG will finally converge on (in which case we would need
> > an extended sequence space). Also note that the AT provides an "Auth Type"
> > field which can be assigned a new value (similar to how it will be done for
> > OSPFv2) once we decide to move to a different scheme. The same standard that
> > extends the OSPFv2 sequence space can also do it for OSPFv3 AT block - really
> > hardly an overhead.
> >
> > Also note that you could consider this proposal as just bringing OSPFv3 at
> > par with OSPFv2. Once this is done, any proposal that extends OSPFv2 will
> > natively work for OSPFv3 as well.
> 
> So you are saying that this flaw is okay with you? I'd rather hold off on
> pushing this forward until this flaw is fixed. And I think waiting to see what
> happens in KARP might be a good idea.
> 
> Regards,
> Michael
> 
> _______________________________________________
> OSPF mailing list
> OSPF@ietf.org<mailto:OSPF@ietf.org>
> https://www.ietf.org/mailman/listinfo/ospf