Re: [RPSEC] [OSPF] [sidr] Authentication for OSPFv3

"Vishwas Manral" <vishwas.ietf@gmail.com> Wed, 01 October 2008 15:57 UTC

Date: Tue, 30 Sep 2008 21:12:18 +0530
From: Vishwas Manral <vishwas.ietf@gmail.com>
To: Acee Lindem <acee@redback.com>
Cc: msec@ietf.org, tsvwg@ietf.org, rpsec@ietf.org, secdir@mit.edu, OSPF List <ospf@ietf.org>, David Ward <dward@cisco.com>, sidr@ietf.org, Ross Callon <rcallon@juniper.net>
Subject: Re: [RPSEC] [OSPF] [sidr] Authentication for OSPFv3

Hi Acee,

I agree with what you say and the general sense of the room in the KMART BOF.
That is the reason I proposed a BTNS-based solution, which uses GTSM
in the IKE to do the first level security.

Also, as IGPs run within an administrative domain, we can actually do
without third party verification.

Hi Dave,

Thanks for your help and shepherding as always.

The issue about adopting the draft was raised in the OPSEC WG by the
chair Joel, however we only had a handful of mails saying the draft
was within the scope (though none were opposed to it).

Thanks,
Vishwas


On 9/30/08, Acee Lindem <acee@redback.com> wrote:
> One thing to take into consideration is that the outcome of our KMART
> BOF was that nobody deploying networks wanted routing infrastructure
> based on third-party verified certificates.
> Thanks,
> Acee
> On Sep 30, 2008, at 10:57 AM, David Ward wrote:
>
>> Directions are to send your draft to opsec WG. To get it on their
>> charter, you have to request the doc to become a WG item and then
>> discussion will follow
>>
>> -DWard
>>
>> On Sep 29, 2008, at 8:53 PM, Vishwas Manral wrote:
>>
>>> Hi Sandy,
>>>
>>> Thanks for referring to my draft in your mail. The same was presented
>>> by Dave (Ward) in the last IETF. Regarding the state of the draft,
>>> because the RPSEC is closing down, we have been trying to find a home
>>> for the draft.
>>>
>>> We can also solve the problem similarly by something like
>>> BTNS (of course Multicast part needs to be thought further) which does
>>> not necessarily require any certificate verification - so we may have
>>> unauthenticated IKE SAs but then all keys for the CHILD_SA from there
>>> are automatically generated.
>>>
>>> Thanks,
>>> Vishwas