[secdir] Review of draft-ietf-ospf-hmac-sha-06.txt

"Hilarie Orman" <ho@alum.mit.edu> Wed, 26 August 2009 23:49 UTC

Return-Path: <hilarie@purplestreak.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id E8DB13A6B02; Wed, 26 Aug 2009 16:49:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.349
X-Spam-Status: No, score=-3.349 tagged_above=-999 required=5 tests=[AWL=0.250, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id FoE-2G-RF63x; Wed, 26 Aug 2009 16:49:38 -0700 (PDT)
Received: from out01.mta.xmission.com (out01.mta.xmission.com []) by core3.amsl.com (Postfix) with ESMTP id 40C413A68A8; Wed, 26 Aug 2009 16:49:38 -0700 (PDT)
Received: from mx03.mta.xmission.com ([]) by out01.mta.xmission.com with esmtp (Exim 4.62) (envelope-from <hilarie@purplestreak.com>) id 1MgSFa-0007pg-EM; Wed, 26 Aug 2009 17:49:58 -0600
Received: from 166-70-57-249.ip.xmission.com ([] helo=localhost.localdomain) by mx03.mta.xmission.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <hilarie@purplestreak.com>) id 1MgSFI-00020P-Lr; Wed, 26 Aug 2009 17:49:41 -0600
Received: from localhost.localdomain (tobermory []) by localhost.localdomain (8.12.10/8.12.10) with ESMTP id n7QNlY7t025790; Wed, 26 Aug 2009 17:47:34 -0600
Received: (from ho@localhost) by localhost.localdomain (8.12.10/8.12.10/Submit) id n7QNlXCp025786; Wed, 26 Aug 2009 17:47:33 -0600
Date: Wed, 26 Aug 2009 17:47:33 -0600
Message-Id: <200908262347.n7QNlXCp025786@localhost.localdomain>
X-Authentication-Warning: localhost.localdomain: ho set sender to hilarie using -f
From: Hilarie Orman <ho@alum.mit.edu>
To: iesg@ietf.org, secdir@ietf.org
X-XM-SPF: eid=; ; ; mid=; ; ; hst=mx03.mta.xmission.com; ; ; ip=; ; ; frm=hilarie@purplestreak.com; ; ; spf=none
X-XM-DomainKey: sender_domain=alum.mit.edu; ; ; sender=ho@alum.mit.edu; ; ; status=no signature
X-SA-Exim-Mail-From: hilarie@purplestreak.com
X-Spam-DCC: XMission; sa02 1397; Body=1 Fuz1=1 Fuz2=1
X-Spam-Combo: ;iesg@ietf.org, secdir@ietf.org
X-SA-Exim-Version: 4.2.1 (built Thu, 25 Oct 2007 00:26:12 +0000)
X-SA-Exim-Scanned: Yes (on mx03.mta.xmission.com)
Cc: rja@extremenetworks.com, mjbarnes@cisco.com, mfanto@aegisdatasecurity.com, tony.li@tony.li, acee@redback.com, manav@alcatel-lucent.com, akr@cisco.com, riw@cisco.com
Subject: [secdir] Review of draft-ietf-ospf-hmac-sha-06.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Hilarie Orman <ho@alum.mit.edu>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Aug 2009 23:49:39 -0000

Review of draft-ietf-ospf-hmac-sha-06.txt

Do not be alarmed.  I have reviewed this document as part of the
security directorate's ongoing effort to review all IETF documents
being processed by the IESG. These comments were written primarily for
the benefit of the security area directors.  Document editors and WG
chairs should treat these comments just like any other last call

My only comment on this greatly improved document concerns the last
paragraph of section 4:

   Use of full digital signatures would ...
   eliminat[e] the replay issue that was noted above.

Replay can remain a problem even with signed data, can't it?  I think
that two-way communication is may be a requirement for eliminating the
possibility of replay.