Re: OSPF cryptographic authentication keying
Mukesh Gupta <mgupta@IPRG.NOKIA.COM> Tue, 13 August 2002 18:43 UTC
Received: from cherry.ease.lsoft.com (cherry.ease.lsoft.com [209.119.0.109]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA13249 for <ospf-archive@LISTS.IETF.ORG>; Tue, 13 Aug 2002 14:43:38 -0400 (EDT)
Received: from walnut (209.119.0.61) by cherry.ease.lsoft.com (LSMTP for Digital Unix v1.1b) with SMTP id <0.006D2157@cherry.ease.lsoft.com>; Tue, 13 Aug 2002 14:44:55 -0400
Received: from DISCUSS.MICROSOFT.COM by DISCUSS.MICROSOFT.COM (LISTSERV-TCP/IP release 1.8e) with spool id 102874 for OSPF@DISCUSS.MICROSOFT.COM; Tue, 13 Aug 2002 14:44:50 -0400
Received: from 205.226.5.12 by WALNUT.EASE.LSOFT.COM (SMTPL release 1.0f) with TCP; Tue, 13 Aug 2002 14:44:50 -0400
Received: from darkstar.iprg.nokia.com (darkstar.iprg.nokia.com [205.226.5.69]) by mailhost.iprg.nokia.com (8.9.3/8.9.3-GLGS) with ESMTP id LAA27732 for <OSPF@DISCUSS.MICROSOFT.COM>; Tue, 13 Aug 2002 11:44:54 -0700 (PDT)
X-Delivered-For: <OSPF@DISCUSS.MICROSOFT.COM>
Received: (from root@localhost) by darkstar.iprg.nokia.com (8.11.0/8.11.0-DARKSTAR) id g7DIirk16884 for <OSPF@DISCUSS.MICROSOFT.COM>; Tue, 13 Aug 2002 11:44:53 -0700
X-mProtect: <200208131844> Nokia Silicon Valley Messaging Protection
Received: from UNKNOWN (172.19.66.85, claiming to be "iprg.nokia.com") by darkstar.iprg.nokia.com smtpdrBUrYb; Tue, 13 Aug 2002 11:44:51 PDT
X-Mailer: Mozilla 4.75 [en]C-CCK-MCD {Nokia} (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
References: <05F679A54DF3D51188100008C7919756D38AED@ma07exm03.corp.isg.mot.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <3D5953A3.5064A4BF@iprg.nokia.com>
Date: Tue, 13 Aug 2002 11:44:51 -0700
Reply-To: Mailing List <OSPF@DISCUSS.MICROSOFT.COM>
Sender: Mailing List <OSPF@DISCUSS.MICROSOFT.COM>
From: Mukesh Gupta <mgupta@IPRG.NOKIA.COM>
Organization: Nokia
Subject: Re: OSPF cryptographic authentication keying
To: OSPF@DISCUSS.MICROSOFT.COM
Precedence: list
Content-Transfer-Encoding: 7bit
> I have a couple of questions about how keying is established for OSPF > cryptographic authentication: I am assuming that you are talking about OSPFv2. > First of all, which may be a stupid questions, I have the impression the > keying is essentially on a pairwise basis, rather than a key being shared > among all the entities in an area. Is that correct? To my knowledge, No. It is not correct. The keys are shared between all the entities in an area and they are not on a pairwise basis. Using pairwise keys in the multicast environment will not work. > Second, how are these keys normally established in today's operational > world? I realize this is a bit outside of the scope of OSPF, but do people > use manual entry, SNMP, some negotiation framework like ISAKMP, or what? I think, most of the implementations use manual entry. ISAKMP wouldn't be easy to use in the multicast environment OSPF uses. Key negotiation mechanisms for multicast are still being explored. regards Mukesh -- ****************************************************************** Work fascinates me. I can look at it for hours ! ****************************************************************** Mukesh Gupta Phone: (650) 625-2264 Cell : (650) 868-9111 http://www.iprg.nokia.com/~mgupta ******************************************************************
- OSPF cryptographic authentication keying Eastlake III Donald-LDE008
- Re: OSPF cryptographic authentication keying Mukesh Gupta
- Re: OSPF cryptographic authentication keying Acee Lindem
- Re: OSPF cryptographic authentication keying Mukesh Gupta
- Re: OSPF cryptographic authentication keying Eastlake III Donald-LDE008
- Re: OSPF cryptographic authentication keying Mukesh Gupta