I concur with Michael that this looks like a very good idea indeed. I remember that back in circa 2006, there weren't as many vendors doing IPSec as MD5 security (am hoping its changed now). Even the ones that did IPSec only did AH, while the OSPFv3 standard stated ESP-NULL as a MUST and AH as a MAY. And last but not the least, configuring IPSec is a BIGGGGG pain. Configuring it for use in routing protocols where you would ideally want things to just be up, becomes a distant reality with IPSec. I am glad there is work finally happening in this direction!
Glen On Sat, Sep 25, 2010 at 6:23 AM, Michael Barnes <[email protected]> wrote: > Hi Manav, > > I think this is a fine idea. > > On my first read through the draft I didn't find anything that I disagree > with. > > Cheers, > Michael > > ------ Original Message ------ > Received: Fri, 24 Sep 2010 05:34:20 PM PDT > From: "Bhatia, Manav (Manav)" <[email protected]> > To: "[email protected]" <[email protected]> > Subject: [OSPF] Non IPSec Authentication mechanism for OSPFv3 > >> Hi, >> >> Currently OSPFv3 uses only IPSec for authentication. I have written a small > draft that uses provides a different authentication mechanism - non IPSec > based, for OSPFv3 as IPSec is generally considered inadequate for routing > protocols. Would be great if folks can review this. >> >> http://tools.ietf.org/html/draft-bhatia-karp-non-ipsec-ospfv3-auth-00 >> >> Cheers, Manav >> >> -- >> Manav Bhatia, >> IP Division, Alcatel-Lucent, >> Bangalore - India >> >> >> _______________________________________________ >> OSPF mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/ospf > > > _______________________________________________ > OSPF mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ospf > _______________________________________________ OSPF mailing list [email protected] https://www.ietf.org/mailman/listinfo/ospf
