Acee -

Note that in IS-IS there is no keyid in the authentication TLV for MD5 (see RFC
5304), but there is a 16-bit keyid for crypto:
https://www.rfc-editor.org/rfc/rfc5310.html#section-3.1

That said, I agree there is no significant advantage to including the 
authentication type. 

   Les

> -----Original Message-----
> From: Lsr <[email protected]> On Behalf Of Acee Lindem
> Sent: Sunday, February 19, 2023 4:57 AM
> To: Gun Vinayaka <[email protected]>
> Cc: [email protected]
> Subject: Re: [Lsr] Info on Authentication type for Keyed MD5 and HMAC-
> SHA2 family
> 
> 
> 
> > On Feb 19, 2023, at 2:29 AM, Gun Vinayaka <[email protected]>
> wrote:
> >
> > Thanks Acee for the clarification.
> >
> > Please share info if other protocols such as ISIS or BFD have a significant
> advantage by having different authentication types for MD5 and
> HMAC_SHA2.
> 
> No - note that they don’t include a key-id in the packet.
> 
> Thanks,
> Acee
> 
> 
> 
> >
> > Thanks,
> > Vinayaka G
> >
> > On Thu, Feb 16, 2023 at 10:52 PM Acee Lindem <[email protected]>
> wrote:
> > Hi Gun,
> >
> > RFC 2328 defined type 2 to generically refer to all cryptographic
> authentication types. Given that the key-id implies both the specific
> authentication algorithm and the key, I don’t see that this is a problem or
> that using different OSPF authentication types would have provided any
> significant advantage (unless you’re an attacker and MD5 is being used)
> >
> > Thanks,
> > Acee
> >
> > > On Feb 16, 2023, at 7:15 AM, Gun Vinayaka <[email protected]>
> wrote:
> > >
> > > Hi ALL,
> > >
> > > As per RFC 2328 for OSPFv2, authentication type 2 is used for
> cryptographic authentication, wherein keyed MD5 was mentioned.
> > >
> > > The same authentication type is used for the HMAC-SHA2 family algorithms
> mentioned via RFC 5709.
> > >
> > > For ISIS, the authentication type varies between MD5 and the HMAC-SHA2 family.
> The same case applies to BFD as well (different authentication types are used
> for keyed-MD5, keyed SHA, etc.).
> > >
> > > If other protocols such as ISIS and BFD have different authentication
> types for MD5 and HMAC-SHA, for what reason does OSPF have to use the same
> authentication type for MD5 and the HMAC-SHA2 family?
> > >
> > > Thanks,
> > > Vinayaka G
> > >
> > > _______________________________________________
> > > Lsr mailing list
> > > [email protected]
> > > https://www.ietf.org/mailman/listinfo/lsr
> >
> 
_______________________________________________
Lsr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lsr
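
The field layouts discussed in this thread, as an added example that is not part of the original messages: a Python decoder showing where the key identifier sits in an OSPFv2 header (AuType 2, RFC 2328) and in the IS-IS Authentication TLV (RFC 5304 type 54 versus RFC 5310 type 3). The key chain, key IDs and sample packets are constructed for illustration.

```python
import struct

# Hypothetical local key chain: in OSPFv2 the Key ID is the only on-wire hint,
# so the receiver resolves both algorithm and key from configuration like this.
OSPF_KEYCHAIN = {1: "Keyed-MD5", 7: "HMAC-SHA-256"}

def parse_ospfv2_auth(header: bytes) -> dict:
    """Decode AuType and the 64-bit Authentication field of a 24-byte OSPFv2 header."""
    if len(header) < 24:
        raise ValueError("OSPFv2 header is 24 bytes")
    (autype,) = struct.unpack_from("!H", header, 14)
    if autype != 2:  # 0 = null, 1 = simple password: no key ID to read
        return {"autype": autype}
    # Crypto layout: 16 zero bits, Key ID (8), Auth Data Len (8), sequence (32)
    _zero, key_id, auth_len, seq = struct.unpack_from("!HBBI", header, 16)
    return {"autype": 2, "key_id": key_id, "auth_data_len": auth_len, "seq": seq,
            "algorithm": OSPF_KEYCHAIN.get(key_id, "unknown key")}

def parse_isis_auth_tlv(tlv: bytes) -> dict:
    """Decode an IS-IS Authentication TLV (TLV type 10)."""
    if len(tlv) < 3 or tlv[0] != 10 or tlv[1] != len(tlv) - 2:
        raise ValueError("not a well-formed Authentication TLV")
    auth_type, value = tlv[2], tlv[3:]
    if auth_type == 3:  # RFC 5310 generic crypto: 16-bit key ID, then digest
        if len(value) < 2:
            raise ValueError("truncated key ID")
        (key_id,) = struct.unpack_from("!H", value)
        return {"auth_type": 3, "key_id": key_id, "digest_len": len(value) - 2}
    # RFC 5304 HMAC-MD5 (type 54) and other types carry no key ID field
    return {"auth_type": auth_type, "key_id": None, "digest_len": len(value)}

# Constructed sample inputs; digests are zero bytes, not real MACs.
def sample_ospf_header(key_id: int, auth_len: int) -> bytes:
    return struct.pack("!BBH4s4sHHHBBI", 2, 1, 44, bytes([192, 0, 2, 1]),
                       bytes(4), 0, 2, 0, key_id, auth_len, 1000)

ISIS_MD5_TLV = bytes([10, 17, 54]) + bytes(16)
ISIS_SHA256_TLV = bytes([10, 35, 3]) + struct.pack("!H", 7) + bytes(32)

if __name__ == "__main__":
    # Same AuType for both OSPF packets; only the Key ID tells them apart.
    print(parse_ospfv2_auth(sample_ospf_header(1, 16)))
    print(parse_ospfv2_auth(sample_ospf_header(7, 32)))
    print(parse_isis_auth_tlv(ISIS_MD5_TLV))
    print(parse_isis_auth_tlv(ISIS_SHA256_TLV))
```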
