Hi, We have posted the new version of this draft for the WG to review.
Changes from -00: o Uses a new option bit (AT) present in the Hellos and DDs to indicate that the router will use an Authentication trailer in all OSPFv3 packets on that link. This will obviously be negotiated and the routers will only do this if both the routers turn on the AT bit. o Describes where the new authentication trailer is placed wrt link local signaling (LLS) block defined in RFC5613. o Some editorial changes. Acee, Vishwas and Manav > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Bhatia, Manav (Manav) > Sent: Wednesday, September 29, 2010 4.50 AM > To: [email protected] > Subject: [OSPF] draft-bhatia-manral-auth-trailer-ospfv3-00.txt > > > Hi, > > Proposing another mechanism for doing non Ipsec > authentication for OSPFv3. In this proposal the OSPFv3 > authentication information is appended to the OSPFv3 packet > and is not considered a part of the protocol payload; it is > instead included in the IPv6 packet's payload length. > > The mechanism described is very similar to how it is done for > OSPFv2 and implementations can reuse most of the existing > code for authenticating OSPFv2. > > So whats the difference between this and the > draft-bhatia-karp-non-ipsec-ospfv3-auth-01.txt? > > The main difference is that the latter introduces a new IPv6 > extension header that can be used by all protocols that want > to use non IPSec security. The main issue that I see is that > while it is generic I don't see too many applications that > might want to use this. The advantage of the new mechanism is > that its restricted to OSPFv3 and is also backward > compatible. Implementations that don't support this extension > can continue to ignore this trailer attached to the OSPFv3 payload. > > The other difference is regarding the code reusability. In > the new mechanism (Authentication Trailer) very little new > code needs to be added, while the earlier (Generic > Authentication Header) mechanism would require new source > code to be added. > > Would be great if the WG can review this document! > > Cheers, Manav > > ----- Forwarded Message ---- > From: "[email protected]" <[email protected]> > To: [email protected] > Sent: Tue, September 28, 2010 11:15:01 PM > Subject: I-D ACTION:draft-bhatia-manral-auth-trailer-ospfv3-00.txt > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > > > Title : Supporting Authentication Trailer for OSPFv3 > Author(s) : M. Bhatia, V. Manral > Filename : draft-bhatia-manral-auth-trailer-ospfv3-00.txt > Pages : 12 > Date : 2010-9-28 > > Currently OSPFv3 uses IPsec for authenticating the protocol > packets. There however are some environments (mobile ad-hoc), > where IPsec is difficult to configure and maintain, and this > mechanism cannot be used. This draft proposes an alternative > mechanism that can be used so that OSPFv3 does not depend upon > IPsec for security. > > A URL for this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-bhatia-manral-auth-t > railer-ospfv3-00.txt > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > Below is the data which will enable a MIME compliant mail reader > implementation to automatically retrieve the ASCII version of the > Internet-Draft. > -- > Manav Bhatia, > IP Division, Alcatel-Lucent, > Bangalore - India > > > _______________________________________________ > OSPF mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ospf > _______________________________________________ OSPF mailing list [email protected] https://www.ietf.org/mailman/listinfo/ospf
