On 2/18/2011 10:36 AM, Nick Hilliard wrote:
On 18/02/2011 17:51, Justin Krejci wrote:
Yeah... I guess no one would ever use IPv6 with OSPF until IPv6 feature
sets are completely matured on all platforms of every major vendor. Or
maybe no vendor should release any v6 support until every feature was
100% v6 enabled.
I don't think that was the problem. The IETF wonks saw MD5
authentication on OSPFv2 as a dirty hack, rather than as a quick and
easy means of providing a 99.99% solution to OSPF authentication.
Instead, they wanted a 100% solution, and in their opinion IPsec was the
way to do this because it provided a cryptographically sound framework
for authentication and encryption services. So they mandated that there
should be no MD5 authentication for OSPFv3, just IPsec.
There is a current draft that proposes to add digest authentication to
OSPFv3. You might want to support this in the IETF and ask Cisco to
support it.
http://tools.ietf.org/html/draft-bhatia-manral-auth-trailer-ospfv3-01
aj
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
