Paul,

> There is though value in defining "MUST support" algos, otherwise
> poor users could be faced with having routers which all implement
> OSPF but can be made to interoperate unless authentication is left
> unconfigured.

We have drafts to meet the following exact requirements:
http://www.ietf.org/internet-drafts/draft-bhatia-manral-crypto-req-ospf-00.txt
and
http://www.ietf.org/internet-drafts/draft-bhatia-manral-crypto-req-isis-00.txt

for OSPF and IS-IS respectively.

Thanks,
Vishwas

On 8/24/06, Paul Jakma <[EMAIL PROTECTED]> wrote:
On Wed, 23 Aug 2006, Dave Katz wrote:

> Sigh.  C'mon, folks, there is no problem.

> At the end of the day it doesn't matter if the value of 2 or 3 or
> 42 is used; if there's a mismatch on the algorithm ID, the
> algorithm, or the key, the authentication will fail, and if it all
> matches, it will work.

Strongly concur.

There is though value in defining "MUST support" algos, otherwise
poor users could be faced with having routers which all implement
OSPF but can be made to interoperate unless authentication is left
unconfigured.

MD5 at least should be defined as a MUST support.

(Despite the pre-image weaknesses, it's still not yet completely
  insecure in MAC mode)

regards,
--
Paul Jakma      [EMAIL PROTECTED]   [EMAIL PROTECTED]  Key ID: 64A2FF6A

_______________________________________________
OSPF mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/ospf
