---------- Forwarded message ----------
From: mark Brown <[email protected]>
To: "Bhatia, Manav (Manav)" <[email protected]>
Date: Sat, 16 Oct 2010 02:06:51 +0530
Subject: Re: [karp] Supporting Authentication Trailer for OSPFv3

Hi Manav,

I think this is a good idea and something that was long due.

Mark

On Fri, Oct 15, 2010 at 5:06 AM, Bhatia, Manav (Manav) <[email protected]> wrote:
> Hi,
>
> We have posted the new version of this draft for the WG to review.
>
> Changes from -00:
>
> o Uses a new option bit (AT) present in the Hellos and DDs to indicate that
> the router will use an Authentication trailer in all OSPFv3 packets on that
> link. This will obviously be negotiated and the routers will only do this if
> both the routers turn on the AT bit.
>
> o Describes where the new authentication trailer is placed wrt link local
> signaling (LLS) block defined in RFC5613.
>
> o Some editorial changes.
>
> Acee, Vishwas and Manav
>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On
>> Behalf Of Bhatia, Manav (Manav)
>> Sent: Wednesday, September 29, 2010 4.50 AM
>> To: [email protected]
>> Subject: [OSPF] draft-bhatia-manral-auth-trailer-ospfv3-00.txt
>>
>>
>> Hi,
>>
>> Proposing another mechanism for doing non IPsec
>> authentication for OSPFv3. In this proposal the OSPFv3
>> authentication information is appended to the OSPFv3 packet
>> and is not considered a part of the protocol payload; it is
>> instead included in the IPv6 packet's payload length.
>>
>> The mechanism described is very similar to how it is done for
>> OSPFv2 and implementations can reuse most of the existing
>> code for authenticating OSPFv2.
>>
>> So what's the difference between this and the
>> draft-bhatia-karp-non-ipsec-ospfv3-auth-01.txt?
>>
>> The main difference is that the latter introduces a new IPv6
>> extension header that can be used by all protocols that want
>> to use non IPSec security. The main issue that I see is that
>> while it is generic I don't see too many applications that
>> might want to use this. The advantage of the new mechanism is
>> that it's restricted to OSPFv3 and is also backward
>> compatible. Implementations that don't support this extension
>> can continue to ignore this trailer attached to the OSPFv3 payload.
>>
>> The other difference is regarding the code reusability. In
>> the new mechanism (Authentication Trailer) very little new
>> code needs to be added, while the earlier (Generic
>> Authentication Header) mechanism would require new source
>> code to be added.
>>
>> Would be great if the WG can review this document!
>>
>> Cheers, Manav
>>
>> ----- Forwarded Message ----
>> From: "[email protected]" <[email protected]>
>> To: [email protected]
>> Sent: Tue, September 28, 2010 11:15:01 PM
>> Subject: I-D ACTION:draft-bhatia-manral-auth-trailer-ospfv3-00.txt
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>>
>>
>> Title     : Supporting Authentication Trailer for OSPFv3
>> Author(s) : M. Bhatia, V. Manral
>> Filename  : draft-bhatia-manral-auth-trailer-ospfv3-00.txt
>> Pages     : 12
>> Date      : 2010-9-28
>>
>> Currently OSPFv3 uses IPsec for authenticating the protocol
>> packets. There however are some environments (mobile ad-hoc),
>> where IPsec is difficult to configure and maintain, and this
>> mechanism cannot be used. This draft proposes an alternative
>> mechanism that can be used so that OSPFv3 does not depend upon
>> IPsec for security.
>>
>> A URL for this Internet-Draft is:
>> http://www.ietf.org/internet-drafts/draft-bhatia-manral-auth-trailer-ospfv3-00.txt
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> Below is the data which will enable a MIME compliant mail reader
>> implementation to automatically retrieve the ASCII version of the
>> Internet-Draft.
>> --
>> Manav Bhatia,
>> IP Division, Alcatel-Lucent,
>> Bangalore - India
>>
>>
>> _______________________________________________
>> OSPF mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/ospf
>>
> _______________________________________________
> karp mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/karp
