Hi Manav,

You'll find this mechanism much easier to move forward as this has
changes localized to OSPF vis-a-vis your earlier proposal which would
require some coordination with the v6man WG.

The new proposal looks better than the previous. Small nit: Section 6
- IANA considerations looks wrong.

As per my understanding this document does not require any IANA
considerations, and yet, the draft seems to be asking for some code
point from IP protocol space. Looks like a cut-paste problem - would
be great if you can clarify this.

Glen

On Wed, Sep 29, 2010 at 4:49 AM, Bhatia, Manav (Manav)
<[email protected]> wrote:
>
> Hi,
>
> Proposing another mechanism for doing non-IPsec authentication for OSPFv3. In 
> this proposal the OSPFv3 authentication information is appended to the OSPFv3 
> packet and is not considered a part of the protocol payload; it is instead 
> included in the IPv6 packet's payload length.
>
> The mechanism described is very similar to how it is done for OSPFv2 and 
> implementations can reuse most of the existing code for authenticating OSPFv2.
>
> So what's the difference between this and the 
> draft-bhatia-karp-non-ipsec-ospfv3-auth-01.txt?
>
> The main difference is that the latter introduces a new IPv6 extension header 
> that can be used by all protocols that want to use non-IPsec security. The 
> main issue that I see is that while it is generic I don't see too many 
> applications that might want to use this. The advantage of the new mechanism 
> is that it's restricted to OSPFv3 and is also backward compatible. 
> Implementations that don't support this extension can continue to ignore this 
> trailer attached to the OSPFv3 payload.
>
> The other difference is regarding the code reusability. In the new mechanism 
> (Authentication Trailer) very little new code needs to be added, while the 
> earlier (Generic Authentication Header) mechanism would require new source 
> code to be added.
>
> Would be great if the WG can review this document!
>
> Cheers, Manav
>
> ----- Forwarded Message ----
> From: "[email protected]" <[email protected]>
> To: [email protected]
> Sent: Tue, September 28, 2010 11:15:01 PM
> Subject: I-D ACTION:draft-bhatia-manral-auth-trailer-ospfv3-00.txt
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
>
>
>    Title        : Supporting Authentication Trailer for OSPFv3
>    Author(s)    : M. Bhatia, V. Manral
>    Filename    : draft-bhatia-manral-auth-trailer-ospfv3-00.txt
>    Pages        : 12
>    Date        : 2010-9-28
>
> Currently OSPFv3 uses IPsec for authenticating the protocol
> packets. There however are some environments (mobile ad-hoc),
> where IPsec is difficult to configure and maintain, and this
> mechanism cannot be used. This draft proposes an alternative
> mechanism that can be used so that OSPFv3 does not depend upon
> IPsec for security.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-bhatia-manral-auth-trailer-ospfv3-00.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> --
> Manav Bhatia,
> IP Division, Alcatel-Lucent,
> Bangalore - India
>
>
> _______________________________________________
> OSPF mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ospf
>
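
An added illustration, not code from the draft or from anyone in this thread, of the length relationship described in the quoted message: the trailer is whatever the IPv6 payload carries beyond the OSPFv3 header's Packet Length, so a receiver without the extension parses only the first part. It assumes a simplified trailer holding nothing but an HMAC-SHA-256 digest (the draft's actual trailer layout is not given in the thread); all function names and the sample Hello are constructed.

```python
import hashlib
import hmac
import struct

OSPFV3_HEADER_LEN = 16  # fixed OSPFv3 header size (RFC 5340)

def split_payload(ipv6_payload: bytes):
    """Split an IPv6 payload into (ospf_packet, trailer) via the Packet Length field."""
    if len(ipv6_payload) < OSPFV3_HEADER_LEN:
        raise ValueError("payload shorter than the OSPFv3 header")
    version, _ptype, pkt_len = struct.unpack_from("!BBH", ipv6_payload, 0)
    if version != 3:
        raise ValueError("not an OSPFv3 packet")
    # A length field pointing outside the received payload must be rejected,
    # otherwise the trailer offset is attacker-controlled.
    if pkt_len < OSPFV3_HEADER_LEN or pkt_len > len(ipv6_payload):
        raise ValueError("Packet Length inconsistent with IPv6 payload length")
    return ipv6_payload[:pkt_len], ipv6_payload[pkt_len:]

def append_trailer(ospf_packet: bytes, key: bytes) -> bytes:
    """Sender side: Packet Length is left untouched, the digest rides after it."""
    return ospf_packet + hmac.new(key, ospf_packet, hashlib.sha256).digest()

def verify(ipv6_payload: bytes, key: bytes) -> bool:
    """Receiver with authentication enabled: missing or wrong trailer fails."""
    packet, trailer = split_payload(ipv6_payload)
    if not trailer:
        return False
    expected = hmac.new(key, packet, hashlib.sha256).digest()
    return hmac.compare_digest(trailer, expected)

def sample_hello() -> bytes:
    """Constructed OSPFv3 Hello: 16-byte header plus a zeroed 20-byte body."""
    body = bytes(20)
    header = struct.pack("!BBH4s4sHBB", 3, 1, OSPFV3_HEADER_LEN + len(body),
                         bytes([192, 0, 2, 1]), bytes(4), 0, 0, 0)
    return header + body

if __name__ == "__main__":
    key = b"constructed-demo-key"
    wire = append_trailer(sample_hello(), key)
    packet, trailer = split_payload(wire)
    print(len(wire), len(packet), len(trailer), verify(wire, key))
```
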