Re: Clarification of when authentication is used

Jeffrey C Honig <jch@nr-tech.cit.cornell.edu> Thu, 04 August 1994 00:50 UTC

Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa16765; 3 Aug 94 20:50 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa16761; 3 Aug 94 20:50 EDT
Received: from atlas.xylogics.com by CNRI.Reston.VA.US id aa22033; 3 Aug 94 20:50 EDT
Received: by atlas.xylogics.com id AA05407 (5.65c/UK-2.1-940401); Wed, 3 Aug 1994 20:50:49 -0400
Received: from MITCHELL.CIT.CORNELL.EDU by atlas.xylogics.com with SMTP id AA26035 (5.65c/UK-2.1-940401); Wed, 3 Aug 1994 20:50:40 -0400
Received: from mitchell.cit.cornell.edu (MITCHELL.CIT.CORNELL.EDU [132.236.200.25]) by mitchell.cit.cornell.edu (8.6.9/8.6.9) with ESMTP id UAA24050 for <ietf-rip@xylogics.com>; Wed, 3 Aug 1994 20:47:43 -0400
Message-Id: <199408040047.UAA24050@mitchell.cit.cornell.edu>
To: ietf-rip@xylogics.com
Subject: Re: Clarification of when authentication is used
In-Reply-To: Message from Gary Scott Malkin <gmalkin@xylogics.com> on Wed, 03 Aug 1994 10:29:06 -0400.<450.199408031429@atlas.xylogics.com>
Organization: Information Technologies/Network Resources; Cornell University, Ithaca, NY
X-Mailier: MH-E [version 4.1+] MH [version 6.8.1]
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 03 Aug 1994 20:47:42 -0400
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Jeffrey C Honig <jch@nr-tech.cit.cornell.edu>

> That's a good point.  I guess that, for simple password, you must
> authenticate the queries, lest you give away the password.  For MD5,
> you don't, by default, authenticate queries.  I guess the MD5 proposal
> should include a statement about an optional switch which may be used
> to turn query authentication, when using MD5, on.

An alternative would be to specify a separate authentication type and
key for queries.  If query packets use the same authentication as
updates, the update secret (or encrypted packets as input to a
cracking algorithm) can traverse more networks since queries can be
remote.  And the update secret needs to be known in more places.
Using a separate secret would only allow an off-net cracker to learn
routing information, not forge it.

The sequence number should be ignored on MD5 authenticated user queries.

Jeff
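The following is an added illustration of the design described in the message above; it is not code from the message, from the list, or from any RIP implementation. It models a simplified RIP-like packet (command byte, sequence number, payload, keyed-MD5 trailer) with one key for queries and a different key for updates, and it checks the sequence number only on updates. HMAC-MD5 stands in for the keyed-MD5 proposal being discussed; the real RIP-2 authentication trailer layout is not modelled, and all key values, message layouts, and function names here are constructed for the example.

```python
import hashlib
import hmac
import struct

# RIP command codes: 1 = request (query), 2 = response (update).
REQUEST = 1
RESPONSE = 2

# Constructed sample keys: the query key can be spread to remote
# hosts without exposing the update key that routers share.
KEYS = {REQUEST: b"query-secret-example", RESPONSE: b"update-secret-example"}

DIGEST_LEN = 16  # MD5 output size
HEADER = "!BI"   # command (1 byte), sequence number (4 bytes)
HEADER_LEN = struct.calcsize(HEADER)


def keyed_md5(key: bytes, body: bytes) -> bytes:
    """Keyed MD5 over the packet body (HMAC-MD5 as a stand-in for the
    1994 keyed-MD5 proposal; the RIP-2 trailer format is not modelled)."""
    return hmac.new(key, body, hashlib.md5).digest()


def build_packet(command: int, seq: int, payload: bytes, key: bytes) -> bytes:
    """Assemble header + payload and append the authentication trailer."""
    body = struct.pack(HEADER, command, seq) + payload
    return body + keyed_md5(key, body)


class Verifier:
    """Receiver that selects the key by packet type and applies the
    sequence-number check only to updates, as the message proposes."""

    def __init__(self, keys: dict):
        self.keys = dict(keys)
        self.last_update_seq = 0

    def verify(self, packet: bytes):
        if len(packet) < HEADER_LEN + DIGEST_LEN:
            return False, "short packet"
        body, trailer = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
        command, seq = struct.unpack(HEADER, body[:HEADER_LEN])

        key = self.keys.get(command)
        if key is None:
            return False, "unknown command"

        # Constant-time comparison so a forger gets no timing signal.
        if not hmac.compare_digest(keyed_md5(key, body), trailer):
            return False, "bad digest"

        if command == RESPONSE:
            # Updates change routing state, so replays must be rejected.
            if seq <= self.last_update_seq:
                return False, "replayed or stale sequence number"
            self.last_update_seq = seq
        # Queries carry no state change, so their sequence number is ignored.
        return True, "ok"


def demo():
    """Walk through the cases the message distinguishes."""
    v = Verifier(KEYS)
    query = build_packet(REQUEST, 0, b"send-all-routes", KEYS[REQUEST])
    update = build_packet(RESPONSE, 7, b"net 10.0.0.0/8 metric 3", KEYS[RESPONSE])
    # An off-net host that learned only the query key cannot forge an update.
    forged = build_packet(RESPONSE, 8, b"net 10.0.0.0/8 metric 1", KEYS[REQUEST])
    return {
        "query": v.verify(query),
        "query_again": v.verify(query),      # accepted: no sequence check on queries
        "update": v.verify(update),
        "update_replay": v.verify(update),   # rejected: same sequence number
        "forged_update": v.verify(forged),   # rejected: wrong key
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point of separating the keys is visible in the `forged_update` case: a host that holds only the query secret can ask for routes but cannot produce an update that the verifier will accept, so spreading the query secret to remote hosts does not widen the set of parties able to inject routes.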