Re: Authentication

Dave Katz <dkatz@juniper.net> Thu, 17 March 2005 18:58 UTC

In-Reply-To: <313680C9A886D511A06000204840E1CF0B454151@whq-msgusr-02.pit.comms.marconi.com>
References: <313680C9A886D511A06000204840E1CF0B454151@whq-msgusr-02.pit.comms.marconi.com>
Mime-Version: 1.0 (Apple Message framework v619.2)
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Message-Id: <c22790cbb3b46b98c7d39d35c96c3231@juniper.net>
Content-Transfer-Encoding: 7bit
From: Dave Katz <dkatz@juniper.net>
Date: Thu, 17 Mar 2005 12:00:21 -0700
To: "Gray, Eric" <Eric.Gray@marconi.com>
X-Mailer: Apple Mail (2.619.2)
Cc: rtg-bfd@ietf.org
Subject: Re: Authentication

On Mar 17, 2005, at 11:40 AM, Gray, Eric wrote:

> Dave,
>
> 	Is it actually the case that the IESG will not allow
> the document to advance without requiring SHA-1, or is it
> the case that we either mandate it or we define the security
> and/or trust environment in which it is, or is not, required?

I'm not sure; Dave2 or Jeff could comment.  My impression was that they 
would not let the document advance without it being fully mandatory.

>
> 	One could make the case that authentication is not
> required for devices that are not directly exposed to the
> big I.  In such devices, it could also be the case that
> realistic authentication is unlikely to be feasible. In
> that case, and assuming that making an attempt to provide
> authentication that is even approximately realistic has a
> non-zero cost - even if it is never turned on - why would
> we want to mandate authentication for such devices?

I fully agree.

I suspect that the reality is that most vendors who are only interested 
in single hop BFD will throw a CPU-based authentication implementation 
in and continue to use the TTL hack and nobody will use it.  Or else 
they will just leave it out (but then some customer will demand it 
because the spec says it has to be there, and they'll be forced to do 
the above.)

--Dave