Clarification of when authentication is used

Gary Scott Malkin <gmalkin@xylogics.com> Tue, 02 August 1994 20:27 UTC

Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa13337; 2 Aug 94 16:27 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa13333; 2 Aug 94 16:27 EDT
Received: from atlas.xylogics.com by CNRI.Reston.VA.US id aa16177; 2 Aug 94 16:27 EDT
Received: by atlas.xylogics.com id AA04123 (5.65c/UK-2.1-940401); Tue, 2 Aug 1994 16:28:07 -0400
Received: by atlas.xylogics.com id AA28049 (5.65c/UK-2.1-940401); Tue, 2 Aug 1994 16:27:55 -0400
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Gary Scott Malkin <gmalkin@xylogics.com>
Date: Tue, 2 Aug 1994 16:27:55 -0400
Message-Id: <28049.199408022027@atlas.xylogics.com>
To: jch@nr-tech.cit.cornell.edu
Cc: ietf-rip@xylogics.com
In-Reply-To: Jeffrey C Honig's message of Tue, 02 Aug 1994 15:53:12 -0400 <199408021953.PAA28181@mitchell.cit.cornell.edu>
Subject: Clarification of when authentication is used

> My implementation of RIP assumed that both RIP REQUESTs and RESPONSEs
> would need to be authenticated.  With the MD5 work it only seems to
> make sense to authenticate RESPONSEs.

That is how my implementation works also.  As you said, one needs to
prevent the clear-text password from escaping in a query.  For the
MD5, we could go either way.

Fred, does OSPF handle this?  We should do it the same way.  The
clarification need only be in the MD5 extension document though; I
don't think we need to reopen the RIP-2 I-D now.

----------------------------------------------------------------------
Gary Malkin                                          Cheap, Fast, Good
(617) 272-8140                                       Pick two!