Sujay, OSPF can make use of various cryptographic algorithms in order to authenticate its packets. Your concern is wrt interoperability between disparate implementations where a particular implementation may not implement some certain mandatory-to-implement algorithms. To ensure this doesn’t happen, it is necessary to specify a set of mandatory-to-implement algorithms so that there is at least one algorithm that all implementations will have available. We cannot assume this mandatory-to-implement algorithm to be MD5, as this has been broken. MD5CRK, was a distributed computing project to break the MD5 hash algorithm in a short period of time. The project closed down with the publication of their paper by Wang, X. et al., "Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD", August 2004, http://eprint.iacr.org/2004/199
draft-bhatia-manral-crypto-req-ospf-00.txt defines the current set of mandatory-to-implement algorithms that can be used for the cryptographic authentication for OSPF as well as specifies the algorithms that should/must be implemented because they may get promoted to mandatory at some future time. http://tools.ietf.org/wg/ospf/draft-bhatia-manral-crypto-req-ospf-00.txt Cheers, Manav ________________________________ From: sujay [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 23, 2006 2:36 PM To: 'Manav Bhatia' Cc: 'Mailing List'; [email protected] Subject: RE: [OSPF] Revised OSPF HMAC SHA Authentication Draft Yes, If an authentication fails it could mean the algo's used are different. And if one implementation supports MD5 alone( "which I believe is commonly used !" ), the others support otherwise, It could be a problem, there is no explicit way we are converying which algo is being used. The Au Type = 2 is overloaded. Now a "MUST" clause is for the WG to decide. Regds, Sujay G My Location; http://maps.google.com/maps?ll=14.626109,76.959229&spn=4.724852,7.525085&t=h&hl=en -- Lucent Technologies _______________________________________________ OSPF mailing list [email protected] https://www1.ietf.org/mailman/listinfo/ospf
