[My original reply was rejected by the list. Resent for posterity now that I've subscribed.]
Vishwas, Thanks for your prompt response. I do not dispute that ESP provides authentication as well, but I don't believe that fact invalidates this errata. My stated rationale still holds, does it not? If an implementation desires to provide authentication without also providing confidentiality (as is permitted by 4552), AH alone can perform that function. Furthermore, AH authenticates more of the packet than does ESP. What is the rationale, therefore, for attaching the stronger "MUST" to ESP and the weaker "MAY" to AH in Section 3, Authentication? The errata may be invalid because the authors' intention is to mandate ESP support in all cases, regardless of the line of thought above, which I accept. That would mean that my comment against the specification should be submitted and discussed in a different forum. Regards, John -----Original Message----- From: Vishwas Manral [mailto:[email protected]] Sent: Tuesday, November 02, 2010 8:05 PM To: RFC Errata System Cc: [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; Obrien, John W Subject: EXTERNAL: Re: [OSPF] [Technical Errata Reported] RFC4552 (2599) Hi, This errata is wrong. ESP provides authentication as well as confidentiality, have a look at RFC 4301. Thanks, Vishwas On Tue, Nov 2, 2010 at 8:53 AM, RFC Errata System <[email protected]> wrote: > > The following errata report has been submitted for RFC4552, > "Authentication/Confidentiality for OSPFv3". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=4552&eid=2599 > > -------------------------------------- > Type: Technical > Reported by: John W. O'Brien <[email protected]> > > Section: 3 > > Original Text > ------------- > In order to provide authentication to OSPFv3, implementations MUST support > ESP and MAY support AH. > > > Corrected Text > -------------- > In order to provide authentication to OSPFv3, implementations MUST support AH > and MAY support ESP. > > Notes > ----- > Authentication can be provided by an implementation that supports AH only. > > Instructions: > ------------- > This errata is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party (IESG) > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC4552 (draft-ietf-ospf-ospfv3-auth-08) > -------------------------------------- > Title : Authentication/Confidentiality for OSPFv3 > Publication Date : June 2006 > Author(s) : M. Gupta, N. Melam > Category : PROPOSED STANDARD > Source : Open Shortest Path First IGP > Area : Routing > Stream : IETF > Verifying Party : IESG > _______________________________________________ > OSPF mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ospf > _______________________________________________ OSPF mailing list [email protected] https://www.ietf.org/mailman/listinfo/ospf
