Hi all,

RFC4552 provides authentication/confidentiality to OSPFv3 using AH/ESP. Manual keying is recommended as the default keying method. That method is not scalable. Script configuration tools can improve that problem. However, they must be used together with additional secure mechanisms (e.g. IPsec encryption tunnels) to prevent plaintext keys from being passed from the configuration server to devices. Furthermore, manual intervention cannot be completely avoided in such cases as router crashes and reboots, route flapping, etc.

Therefore, an automated, scalable and secure group keying method is necessary for OSPFv3. Standard group key management protocols have been defined by the MSEC WG. They can be used here to serve the group keying purpose.

Comments are welcome.

Regards,
Liu Ya
