Thanks Les and Acee for clarification. Regards, Vinayaka G
On Sun, Feb 19, 2023 at 10:24 PM Les Ginsberg (ginsberg) <[email protected]> wrote: > Acee - > > Note that in IS-IS there is no keyid in the authentication TLV for MD5 > (see RFC 5304), but there is a 16 bit keyid for crypto: > https://www.rfc-editor.org/rfc/rfc5310.html#section-3.1 > > That said, I agree there is no significant advantage to including the > authentication type. > > Les > > > -----Original Message----- > > From: Lsr <[email protected]> On Behalf Of Acee Lindem > > Sent: Sunday, February 19, 2023 4:57 AM > > To: Gun Vinayaka <[email protected]> > > Cc: [email protected] > > Subject: Re: [Lsr] Info on Authentication type for Keyed MD5 and HMAC- > > SHA2 family > > > > > > > > > On Feb 19, 2023, at 2:29 AM, Gun Vinayaka <[email protected]> > > wrote: > > > > > > Thanks Acede for the clarification. > > > > > > Please share info if other protocols such as ISIS or BFD have a > significant > > advantage by having different authentication types for MD5 and > > HMAC_SHA2. > > > > No - note that they don’t include a key-id in the packet. > > > > Thanks, > > Acee > > > > > > > > > > > > Thanks, > > > Vinayaka G > > > > > > On Thu, Feb 16, 2023 at 10:52 PM Acee Lindem <[email protected]> > > wrote: > > > Hi Gun, > > > > > > RFC 2328 defined type 2 to generically refer to all cryptographic > > authentication types. Given that the key-id implies both the specific > > authentication algorithm and the key, I don’t see that this is a problem > or > > that using different OSPF authentication types would have provided any > > significant advantage (unless you’re an attacker and MD5 is being used) > > > > > > Thanks, > > > Acede > > > > > > > On Feb 16, 2023, at 7:15 AM, Gun Vinayaka <[email protected]> > > wrote: > > > > > > > > Hi ALL, > > > > > > > > As per RFC 2328 for OSPFv2 authentication type 2 is used for > > cryptographic authentication wherein keyed MD5 was mentioned. > > > > > > > > Same authentication type is used for HMAC-SHA2 family algorithms > > mentioned via RFC 5709. > > > > > > > > For ISIS authentication type varies between MD5 and HMAC-SHA2 family. > > The same case applies to BFD as well (different authentication types are > used > > for keyed-MD5, keyed SHA etc..). > > > > > > > > If other protocols such as ISIS and BFD have a different > authentication > > types for MD5 and HMAC-SHA for what reason OSPF has to use same > > authentication type for MD5 and HMAC-SHA2 family. > > > > > > > > Thanks, > > > > Vinayaka G > > > > > > > > _______________________________________________ > > > > Lsr mailing list > > > > [email protected] > > > > https://www.ietf.org/mailman/listinfo/lsr > > > > > > > _______________________________________________ > > Lsr mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/lsr >
_______________________________________________ Lsr mailing list [email protected] https://www.ietf.org/mailman/listinfo/lsr
