On Wed, 23 Aug 2006, Dave Katz wrote:
Sigh. C'mon, folks, there is no problem.
At the end of the day it doesn't matter if the value of 2 or 3 or
42 is used; if there's a mismatch on the the algorithm ID, the
algorithm, or the key, the authentication will fail, and if it all
matches, it will work.
Strongly concur.
There is though value in defining "MUST support" algos, otherwise
poor users could be faced with having routers which all implement
OSPF but can be made to interoperate unless authentication is left
unconfigured.
MD5 at least should be defined as a MUST support.
(Despite the pre-image weaknesses, it's still not yet completely
insecure in MAC mode)
regards,
--
Paul Jakma [EMAIL PROTECTED] [EMAIL PROTECTED] Key ID: 64A2FF6A
Fortune:
We promise according to our hopes, and perform according to our fears.
_______________________________________________
OSPF mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/ospf
