Hi, Proposing another mechanism for doing non Ipsec authentication for OSPFv3. In this proposal the OSPFv3 authentication information is appended to the OSPFv3 packet and is not considered a part of the protocol payload; it is instead included in the IPv6 packet's payload length.
The mechanism described is very similar to how it is done for OSPFv2 and implementations can reuse most of the existing code for authenticating OSPFv2. So whats the difference between this and the draft-bhatia-karp-non-ipsec-ospfv3-auth-01.txt? The main difference is that the latter introduces a new IPv6 extension header that can be used by all protocols that want to use non IPSec security. The main issue that I see is that while it is generic I don't see too many applications that might want to use this. The advantage of the new mechanism is that its restricted to OSPFv3 and is also backward compatible. Implementations that don't support this extension can continue to ignore this trailer attached to the OSPFv3 payload. The other difference is regarding the code reusability. In the new mechanism (Authentication Trailer) very little new code needs to be added, while the earlier (Generic Authentication Header) mechanism would require new source code to be added. Would be great if the WG can review this document! Cheers, Manav ----- Forwarded Message ---- From: "[email protected]" <[email protected]> To: [email protected] Sent: Tue, September 28, 2010 11:15:01 PM Subject: I-D ACTION:draft-bhatia-manral-auth-trailer-ospfv3-00.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : Supporting Authentication Trailer for OSPFv3 Author(s) : M. Bhatia, V. Manral Filename : draft-bhatia-manral-auth-trailer-ospfv3-00.txt Pages : 12 Date : 2010-9-28 Currently OSPFv3 uses IPsec for authenticating the protocol packets. There however are some environments (mobile ad-hoc), where IPsec is difficult to configure and maintain, and this mechanism cannot be used. This draft proposes an alternative mechanism that can be used so that OSPFv3 does not depend upon IPsec for security. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-bhatia-manral-auth-trailer-ospfv3-00.txt Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. -- Manav Bhatia, IP Division, Alcatel-Lucent, Bangalore - India _______________________________________________ OSPF mailing list [email protected] https://www.ietf.org/mailman/listinfo/ospf
