Re: [RPSEC] [OSPF] [sidr] Authentication for OSPFv3
sandy@tislabs.com (Sandy Murphy) Wed, 01 October 2008 15:57 UTC
Return-Path: <rpsec-bounces@ietf.org>
X-Original-To: rpsec-archive@megatron.ietf.org
Delivered-To: ietfarch-rpsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8D1763A6C6C; Wed, 1 Oct 2008 08:57:12 -0700 (PDT)
X-Original-To: rpsec@core3.amsl.com
Delivered-To: rpsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D4CAE3A6A17; Tue, 30 Sep 2008 09:30:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.352
X-Spam-Level:
X-Spam-Status: No, score=-6.352 tagged_above=-999 required=5 tests=[AWL=0.247, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6vy9ImPvysD2; Tue, 30 Sep 2008 09:30:10 -0700 (PDT)
Received: from nutshell.tislabs.com (ns1.tislabs.com [192.94.214.100]) by core3.amsl.com (Postfix) with ESMTP id D87063A6B67; Tue, 30 Sep 2008 09:30:09 -0700 (PDT)
Received: (from uucp@localhost) by nutshell.tislabs.com (8.12.9/8.12.9) id m8UGTuJa016359; Tue, 30 Sep 2008 12:29:56 -0400 (EDT)
Received: from nodnsquery(10.66.1.30) by nutshell.tislabs.com via csmap (V6.0) id srcAAAt_aW8F; Tue, 30 Sep 08 12:29:56 -0400
Received: by pecan.tislabs.com (Postfix, from userid 2005) id C92963F446; Tue, 30 Sep 2008 12:28:23 -0400 (EDT)
To: acee@redback.com, vishwas.ietf@gmail.com
In-Reply-To: <77ead0ec0809300842i200798d5ic45f7996a19d57d@mail.gmail.com>
Message-Id: <20080930162823.C92963F446@pecan.tislabs.com>
Date: Tue, 30 Sep 2008 12:28:23 -0400
From: sandy@tislabs.com
X-Mailman-Approved-At: Wed, 01 Oct 2008 08:57:10 -0700
Cc: msec@ietf.org, tsvwg@ietf.org, ospf@ietf.org, secdir@mit.edu, rpsec@ietf.org, sidr@ietf.org, rcallon@juniper.net
Subject: Re: [RPSEC] [OSPF] [sidr] Authentication for OSPFv3
X-BeenThere: rpsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/rpsec>
List-Post: <mailto:rpsec@ietf.org>
List-Help: <mailto:rpsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: rpsec-bounces@ietf.org
Errors-To: rpsec-bounces@ietf.org
>I agree to what you say and the general sense of the room in the KMART BOF. >That is the reason I proposed a BTNS based solution. Which uses GTSM >in the IKe to do the first level security. I am not quite sure I understand the use of GTSM here. The need for authentication for OSPF is that you don't trust that everyone on the local broadcast link is OK. GTSM tells you that the sender came from one-hop away, i.e., on the local broadcast link. Since you already know that you don't trust everyone one-hop away, how does the use of GTSM help? --Sandy _______________________________________________ RPSEC mailing list RPSEC@ietf.org https://www.ietf.org/mailman/listinfo/rpsec
- [RPSEC] Authentication for OSPFv3 Ed Jankiewicz
- Re: [RPSEC] [OSPF] [sidr] Authentication for OSPF… David Ward
- Re: [RPSEC] [OSPF] [sidr] Authentication for OSPF… Vishwas Manral
- Re: [RPSEC] Authentication for OSPFv3 Sandy Murphy
- Re: [RPSEC] [sidr] Authentication for OSPFv3 Vishwas Manral
- Re: [RPSEC] [secdir] [sidr] Authentication for OS… Sam Hartman
- Re: [RPSEC] [secdir] [sidr] Authentication for OS… Vishwas Manral
- Re: [RPSEC] [sidr] Authentication for OSPFv3 David Ward
- Re: [RPSEC] [OSPF] [sidr] Authentication for OSPF… Acee Lindem
- Re: [RPSEC] [OSPF] [sidr] Authentication for OSPF… Vishwas Manral
- Re: [RPSEC] [secdir] [OSPF] [sidr] Authentication… Sam Hartman
- Re: [RPSEC] [Tsvwg] Authentication for OSPFv3 Brian Weis
- Re: [RPSEC] [OSPF] [sidr] Authentication for OSPF… Sandy Murphy
- Re: [RPSEC] [OSPF] [sidr] Authentication for OSPF… Sandy Murphy
- Re: [RPSEC] [secdir] [OSPF] [sidr] Authentication… Stephen Kent
- Re: [RPSEC] [secdir] [OSPF] [sidr] Authentication… Steven M. Bellovin