Clarification of when authentication is used

Jeffrey C Honig <jch@nr-tech.cit.cornell.edu> Tue, 02 August 1994 19:57 UTC

Message-Id: <199408021953.PAA28181@mitchell.cit.cornell.edu>
To: ietf-rip@xylogics.com
Subject: Clarification of when authentication is used
Organization: Information Technologies/Network Resources; Cornell University, Ithaca, NY
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Tue, 02 Aug 1994 15:53:12 -0400
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Jeffrey C Honig <jch@nr-tech.cit.cornell.edu>

My implementation of RIP assumed that both RIP REQUESTs and RESPONSEs
would need to be authenticated.  With the MD5 work it only seems to
make sense to authenticate RESPONSEs.  RFC1388 needs some
clarification of this point as it does not explain when authentication
should be used, just the details of how to use it.


It may make sense to authenticate all RESPONSEs and those REQUESTs
that come from routers (i.e. port 520).  Other REQUESTSs would not
need authentication (it could be ignored) and the RESPONSEs would not
contain authentication.  This would prevent someone from being able to
obtain the simple password, or a sample MD5 authenticated packet, by
sending a REQUEST and then analyzing the RESPONSE.


How much interest is there in having support for two keys to allow
keys to be changed?  To do this as efficiently as possible it would be
desirable to have the authentication entry at the end of the packet
instead of in the begining.


Thanks.

Jeff

Clarification of when authentication is used Jeffrey C Honig
Clarification of when authentication is used Gary Scott Malkin
Re: Clarification of when authentication is used Fred Baker
Clarification of when authentication is used Gary Scott Malkin
Re: Clarification of when authentication is used Fred Baker
Clarification of when authentication is used Gary Scott Malkin
Re: Clarification of when authentication is used Fred Baker