---------- Forwarded message ----------
From: mark Brown <[email protected]>
To: "Bhatia, Manav (Manav)" <[email protected]>
Date: Sat, 16 Oct 2010 02:06:51 +0530
Subject: Re: [karp] Supporting Authentication Trailer for OSPFv3
Hi Manav,

I think this is a good idea and something that was long due.

Mark

On Fri, Oct 15, 2010 at 5:06 AM, Bhatia, Manav (Manav)
<[email protected]> wrote:
> Hi,
>
> We have posted the new version of this draft for the WG to review.
>
> Changes from -00:
>
> o Uses a new option bit (AT) present in the Hellos and DDs to indicate that 
> the router will use an Authentication trailer in all OSPFv3 packets on that 
> link. This will obviously be negotiated and the routers will only do this if 
> both the routers turn on the AT bit.
>
> o Describes where the new authentication trailer is placed wrt link local 
> signaling (LLS) block defined in RFC5613.
>
> o Some editorial changes.
>
> Acee, Vishwas and Manav
>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On
>> Behalf Of Bhatia, Manav (Manav)
>> Sent: Wednesday, September 29, 2010 4.50 AM
>> To: [email protected]
>> Subject: [OSPF] draft-bhatia-manral-auth-trailer-ospfv3-00.txt
>>
>>
>> Hi,
>>
>> Proposing another mechanism for doing non Ipsec
>> authentication for OSPFv3. In this proposal the OSPFv3
>> authentication information is appended to the OSPFv3 packet
>> and is not considered a part of the protocol payload; it is
>> instead included in the IPv6 packet's payload length.
>>
>> The mechanism described is very similar to how it is done for
>> OSPFv2 and implementations can reuse most of the existing
>> code for authenticating OSPFv2.
>>
>> So whats the difference between this and the
>> draft-bhatia-karp-non-ipsec-ospfv3-auth-01.txt?
>>
>> The main difference is that the latter introduces a new IPv6
>> extension header that can be used by all protocols that want
>> to use non IPSec security. The main issue that I see is that
>> while it is generic I don't see too many applications that
>> might want to use this. The advantage of the new mechanism is
>> that its restricted to OSPFv3 and is also backward
>> compatible. Implementations that don't support this extension
>> can continue to ignore this trailer attached to the OSPFv3 payload.
>>
>> The other difference is regarding the code reusability. In
>> the new mechanism (Authentication Trailer) very little new
>> code needs to be added, while the earlier (Generic
>> Authentication Header) mechanism would require new source
>> code to be added.
>>
>> Would be great if the WG can review this document!
>>
>> Cheers, Manav
>>
>> ----- Forwarded Message ----
>> From: "[email protected]" <[email protected]>
>> To: [email protected]
>> Sent: Tue, September 28, 2010 11:15:01 PM
>> Subject: I-D ACTION:draft-bhatia-manral-auth-trailer-ospfv3-00.txt
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>>
>>
>>     Title        : Supporting Authentication Trailer for OSPFv3
>>     Author(s)    : M. Bhatia, V. Manral
>>     Filename    : draft-bhatia-manral-auth-trailer-ospfv3-00.txt
>>     Pages        : 12
>>     Date        : 2010-9-28
>>
>> Currently OSPFv3 uses IPsec for authenticating the protocol
>>       packets. There however are some environments (mobile ad-hoc),
>>       where IPsec is difficult to configure and maintain, and this
>>       mechanism cannot be used. This draft proposes an alternative
>>       mechanism that can be used so that OSPFv3 does not depend upon
>>       IPsec for security.
>>
>> A URL for this Internet-Draft is:
>> http://www.ietf.org/internet-drafts/draft-bhatia-manral-auth-t
>> railer-ospfv3-00.txt
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> Below is the data which will enable a MIME compliant mail reader
>> implementation to automatically retrieve the ASCII version of the
>> Internet-Draft.
>> --
>> Manav Bhatia,
>> IP Division, Alcatel-Lucent,
>> Bangalore - India
>>
>>
>> _______________________________________________
>> OSPF mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/ospf
>>
> _______________________________________________
> karp mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/karp
>
_______________________________________________
OSPF mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ospf

Reply via email to