Re: [RPSEC] [OSPF] [sidr] Authentication for OSPFv3

sandy@tislabs.com (Sandy Murphy) Wed, 01 October 2008 15:57 UTC

To: acee@redback.com, vishwas.ietf@gmail.com
In-Reply-To: <77ead0ec0809300842i200798d5ic45f7996a19d57d@mail.gmail.com>
Message-Id: <20080930162823.C92963F446@pecan.tislabs.com>
Date: Tue, 30 Sep 2008 12:28:23 -0400
From: sandy@tislabs.com
Cc: msec@ietf.org, tsvwg@ietf.org, ospf@ietf.org, secdir@mit.edu, rpsec@ietf.org, sidr@ietf.org, rcallon@juniper.net
Subject: Re: [RPSEC] [OSPF] [sidr] Authentication for OSPFv3

>I agree to what you say and the general sense of the room in the KMART BOF.
>That is the reason I proposed a BTNS-based solution, which uses GTSM
>in the IKE to do the first level security.

I am not quite sure I understand the use of GTSM here.  The need for
authentication for OSPF is that you don't trust that everyone on the
local broadcast link is OK.  GTSM tells you that the sender came from
one-hop away, i.e., on the local broadcast link.  Since you already know
that you don't trust everyone one-hop away, how does the use of GTSM
help?

--Sandy