RE: Authentication
"Gray, Eric" <Eric.Gray@marconi.com> Thu, 17 March 2005 18:40 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA05334; Thu, 17 Mar 2005 13:40:43 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DBzzZ-0002Md-I4; Thu, 17 Mar 2005 13:45:09 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DBzvC-0002g2-RG; Thu, 17 Mar 2005 13:40:38 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DBzvA-0002ft-LI for rtg-bfd@megatron.ietf.org; Thu, 17 Mar 2005 13:40:37 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA05293 for <rtg-bfd@ietf.org>; Thu, 17 Mar 2005 13:40:32 -0500 (EST)
Received: from mailgate.pit.comms.marconi.com ([169.144.68.6]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DBzzS-0002Lh-BM for rtg-bfd@ietf.org; Thu, 17 Mar 2005 13:45:02 -0500
Received: from mailman.pit.comms.marconi.com (mailman.pit.comms.marconi.com [169.144.2.12]) by mailgate.pit.comms.marconi.com (8.12.10+Sun/8.12.10) with ESMTP id j2HIeQMe002140; Thu, 17 Mar 2005 13:40:26 -0500 (EST)
Received: from uspitsmsgrtr01.pit.comms.marconi.com (uspitsmsgrtr01.pit.comms.marconi.com [169.144.2.221]) by mailman.pit.comms.marconi.com (8.9.3/8.9.3) with ESMTP id NAA06400; Thu, 17 Mar 2005 13:40:25 -0500 (EST)
Received: by uspitsmsgrtr01.pit.comms.marconi.com with Internet Mail Service (5.5.2657.72) id <G3NPY68S>; Thu, 17 Mar 2005 13:40:25 -0500
Message-ID: <313680C9A886D511A06000204840E1CF0B454151@whq-msgusr-02.pit.comms.marconi.com>
From: "Gray, Eric" <Eric.Gray@marconi.com>
To: 'Dave Katz' <dkatz@juniper.net>
Date: Thu, 17 Mar 2005 13:40:15 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain; charset="iso-8859-1"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 92df29fa99cf13e554b84c8374345c17
Cc: rtg-bfd@ietf.org
Subject: RE: Authentication
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
Sender: rtg-bfd-bounces@ietf.org
Errors-To: rtg-bfd-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: d0bdc596f8dd1c226c458f0b4df27a88
Dave, Is it actually the case that the IESG will not allow the document to advance without requiring SHA-1, or is it the case that we either mandate it or we define the security and/or trust environment in which it is, or is not, required? One could make the case that authentication is not required for devices that are not directly exposed to the big I. In such devices, it could also be the case that realistic authentication is unlikely to be feasible. In that case, and assuming that making an attempt to provide authentication that is even approximately realistic has a non-zero cost - even if it is never turned on - why would we want to mandate authentication for such devices? -- Eric -----Original Message----- From: rtg-bfd-bounces@ietf.org [mailto:rtg-bfd-bounces@ietf.org]On Behalf Of Dave Katz Sent: Thursday, March 17, 2005 1:29 PM To: Chris Nogradi Cc: rtg-bfd@ietf.org Subject: Re: Authentication On Mar 17, 2005, at 7:08 AM, Chris Nogradi wrote: > Dave, > > I just noticed that you have added the following sentence to the base > draft in > section 6.6: > > "Implementations MUST support SHA1 authentication. Other froms of > authentication are optional." > > Since you did not make mention of this in the document changes > sections, I > assume that this does not mean that all implementations must support > at least > this form of authentication. Is the purpose of this sentence to say > that if > an implementation uses authentication, it must support SHA1? Sorry, I forgot to list that in the changes. This is in there because the IESG will not allow the document to advance without it. It's an interesting question as to whether they would allow the spec to say that an implementation could have no authentication at all; my guess is that their stand is that the spec must require that all implementations support SHA1 authentication. I also expect that vendors will make their own choices, as there is no significant difference between an implementation in which nobody turns on authentication and an implementation that does not even include it. But that's the word from on high. > > BTW, there is a typo in this sentence as it should say "forms" instead > of > "froms". Thanks... --Dave
- Authentication Chris Nogradi
- Re: Authentication Pekka Savola
- Re: Authentication Dave Katz
- Re: Authentication Dave Katz
- RE: Authentication Gray, Eric
- Re: Authentication Dave Katz
- Re: Authentication David Ward