Hi Manav,

Agree, mandatory set of algo is a must. Which one falls in this set is unsure. Assuming the requirement of backward compatibility would still hold good. I believe the network operators on this list will best mandate the minimal algo required.

Regds,
Sujay G
My Location; http://maps.google.com/maps?ll=14.626109,76.959229&spn=4.724852,7.525085&t=h&hl=en

-----Original Message-----
From: Manav Bhatia [mailto:[EMAIL PROTECTED]
Sent: August 23, 2006 14:54
To: [EMAIL PROTECTED]
Cc: [email protected]; [EMAIL PROTECTED]
Subject: RE: [OSPF] Revised OSPF HMAC SHA Authentication Draft

Sujay,

OSPF can make use of various cryptographic algorithms in order to authenticate its packets. Your concern is wrt interoperability between disparate implementations where a particular implementation may not implement certain mandatory-to-implement algorithms. To ensure this doesn't happen, it is necessary to specify a set of mandatory-to-implement algorithms so that there is at least one algorithm that all implementations will have available.

We cannot assume this mandatory-to-implement algorithm to be MD5, as this has been broken. MD5CRK was a distributed computing project to break the MD5 hash algorithm in a short period of time. The project closed down with the publication of their paper by Wang, X. et al., "Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD", August 2004, http://eprint.iacr.org/2004/199

draft-bhatia-manral-crypto-req-ospf-00.txt defines the current set of mandatory-to-implement algorithms that can be used for the cryptographic authentication for OSPF, as well as specifies the algorithms that should/must be implemented because they may get promoted to mandatory at some future time.
http://tools.ietf.org/wg/ospf/draft-bhatia-manral-crypto-req-ospf-00.txt

Cheers,
Manav

________________________________
From: sujay [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 23, 2006 2:36 PM
To: 'Manav Bhatia'
Cc: 'Mailing List'; [email protected]
Subject: RE: [OSPF] Revised OSPF HMAC SHA Authentication Draft

Yes, if an authentication fails it could mean the algos used are different. And if one implementation supports MD5 alone ("which I believe is commonly used!"), the others support otherwise, it could be a problem; there is no explicit way we are conveying which algo is being used. The Au Type = 2 is overloaded. Now a "MUST" clause is for the WG to decide.

Regds,
Sujay G

--
Lucent Technologies

_______________________________________________
OSPF mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/ospf
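
The point raised in the thread, that AuType 2 does not say which algorithm produced the digest, shown as an added sketch that is not part of the thread or of either draft. The header layout follows RFC 2328; the digest is simplified to a plain HMAC over the packet, and the key, router ID, packet body and per-receiver keychains are constructed values.

```python
import hashlib
import hmac
import struct

# OSPFv2 header per RFC 2328; with AuType 2 the 8-byte authentication field
# is: zero (2 bytes), Key ID, Auth Data Len, cryptographic sequence number.
HDR = struct.Struct("!BBH4s4sHHHBBI")  # 24 bytes
AUTYPE_CRYPTO = 2
KEY = b"constructed-shared-key"  # constructed sample key


def build(key_id, algo, key, seq, body=b"hello-body"):
    """Sender: header + body, digest appended after the packet length."""
    dlen = hashlib.new(algo).digest_size
    hdr = HDR.pack(2, 1, HDR.size + len(body), bytes([10, 0, 0, 1]),
                   bytes(4), 0, AUTYPE_CRYPTO, 0, key_id, dlen, seq)
    pkt = hdr + body
    # Simplification: plain HMAC over the packet, not the draft's exact rules.
    return pkt + hmac.new(key, pkt, algo).digest()


def verify(packet, keychain):
    """Receiver: the algorithm comes from local config, never from the packet."""
    if len(packet) < HDR.size:
        return "truncated"
    _, _, length, _, _, _, autype, _, key_id, dlen, _ = HDR.unpack_from(packet)
    if autype != AUTYPE_CRYPTO:
        return "not-crypto-auth"
    if key_id not in keychain:
        return "unknown-key-id"
    algo, key = keychain[key_id]
    if dlen != hashlib.new(algo).digest_size or len(packet) != length + dlen:
        return "digest-length-mismatch"  # only hint that the algorithms differ
    expected = hmac.new(key, packet[:length], algo).digest()
    ok = hmac.compare_digest(expected, packet[length:])
    return "ok" if ok else "digest-mismatch"


def demo():
    pkt = build(key_id=1, algo="sha1", key=KEY, seq=7)
    return {
        "sha1 receiver": verify(pkt, {1: ("sha1", KEY)}),
        "md5-only receiver": verify(pkt, {1: ("md5", KEY)}),
        "sha1, wrong key": verify(pkt, {1: ("sha1", b"other-key")}),
    }


if __name__ == "__main__":
    for peer, result in demo().items():
        print(f"{peer}: {result}")
```

The MD5-only receiver can tell that something other than MD5 was used only because the Auth Data Len differs from its configured digest size; nothing in the header names the algorithm.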
