Hello Manav,
Manav Bhatia wrote:
> Hi Tom,
> [..]
> The poll should be on whether we should proceed as-is in the draft or
> should we use a new type field for each new authentication scheme that
> we come out with?
> We don't need to use a new auth type value for each new authentication
> scheme that comes up in the future.
> One can define a new generic auth type 3, which would carry the
> authentication algorithm details in addition to the Key ID, auth data
> length and the crypto sequence number. The authentication data for
> auth type 3 would be the same as type 2, except that the reserved bytes
> would get replaced with the authentication algorithm ID.
A concern I have with this is that when a new authentication algorithm is
devised we would have to wait for a new OSPF RFC to specify the
Authentication Algorithm ID before we could implement the algorithm.
Generally, I don't think a new OSPF RFC should be required just to make
use of a new algorithm.
Looking at IPsec, it also does not include a field which indicates which
algorithm is used. The IPsec SPI is equivalent to the Key ID we use in
OSPF. We are defining an SA similarly to IPsec, which . As in IPsec, the
SA indicates which algorithm and key are used. So this draft is in keeping
with how IPsec operates. I think it makes sense for OSPF to follow the
lead of IPsec in this regard.
My $.02
Thanks,
Michael
> However, I don't think this is required.
> Cheers,
> Manav
_______________________________________________
OSPF mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/ospf
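The Key ID lookup discussed in this thread, as an added example that is not part of the original messages or the draft: a receiver parses the auth type 2 fields (reserved bytes, Key ID, auth data length, crypto sequence number, laid out as in RFC 2328 Appendix D) and takes the algorithm from its locally configured SA, the way an IPsec SPI selects an SA. The SA table, keys and router ID are constructed, and the MAC is a plain HMAC over the packet, which is an assumption standing in for the draft's exact computation.

```python
import hashlib
import hmac
import struct

# Constructed SAs (assumption): Key ID -> (hash algorithm, key), configured out of band.
SA_TABLE = {1: ("sha1", b"constructed-key-1"), 2: ("sha256", b"constructed-key-2")}

HDR = struct.Struct("!BBH4s4sHH")  # version, type, length, router ID, area ID, checksum, AuType
AUTH = struct.Struct("!HBBI")      # reserved (zero), Key ID, auth data length, crypto sequence


def build_packet(key_id, seq, body=b""):
    """Sender side: the SA picked by key_id decides algorithm and digest size."""
    alg, key = SA_TABLE[key_id]
    dlen = hashlib.new(alg).digest_size
    length = HDR.size + AUTH.size + len(body)  # digest is not counted in the length
    pkt = HDR.pack(2, 1, length, bytes([192, 0, 2, 1]), bytes(4), 0, 2)
    pkt += AUTH.pack(0, key_id, dlen, seq) + body
    # Assumption: plain HMAC over the packet, standing in for the draft's procedure.
    return pkt + hmac.new(key, pkt, alg).digest()


def verify_packet(data, last_seq=0):
    """Receiver side: returns (ok, reason). No algorithm field is read from the wire."""
    if len(data) < HDR.size + AUTH.size:
        return False, "short packet"
    fields = HDR.unpack_from(data)
    length, autype = fields[2], fields[6]
    _reserved, key_id, dlen, seq = AUTH.unpack_from(data, HDR.size)
    if autype != 2:
        return False, "not cryptographic authentication"
    sa = SA_TABLE.get(key_id)
    if sa is None:
        return False, "unknown Key ID"
    alg, key = sa
    if (length < HDR.size + AUTH.size or len(data) != length + dlen
            or dlen != hashlib.new(alg).digest_size):
        return False, "auth data length mismatch"
    if seq < last_seq:
        return False, "stale sequence number"
    expected = hmac.new(key, data[:length], alg).digest()
    if not hmac.compare_digest(expected, data[length:]):
        return False, "digest mismatch"
    return True, "ok"
```

Supporting a new algorithm here means adding an entry to `SA_TABLE` on both routers; the wire format and the parser stay unchanged.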