Hi Manav, Assuming that in future ospfv3 Authentication trailer cryptographic algorithm also considers ospfv3 source address as part of algorithm, we can avoid ipv6 checksum calculation for ospfv3 when Authentication Trailer(AT) support is there.
But this will impact migration techniques mentioned in Authentication Trailer draft.Where Router supporting AT and routers not supporting AT can coexsist. Once Complete migration happens to AT(Authentication Trailer) then we can avoid checksum calcualtion. Thanks Rajesh This e-mail and attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient's) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! -----Original Message----- From: Bhatia, Manav (Manav) [mailto:[email protected]] Sent: Wednesday, January 19, 2011 10:15 AM To: Rajesh Shetty; 'Acee Lindem' Cc: [email protected] Subject: RE: [OSPF] Supporting Authentication Trailer for OSPFv3 Hi Rajesh, Yes, you are right. We should add text that says that checksum SHOULD not be computed and verified when an authentication trailer is attached to an OSPFv3 packet. Cheers, Manav > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Rajesh Shetty > Sent: Wednesday, January 19, 2011 10.09 AM > To: 'Acee Lindem' > Cc: [email protected] > Subject: Re: [OSPF] Supporting Authentication Trailer for OSPFv3 > > > Dear Acee, > > Just a discrepancy between ospfv2 and ospfv3: > IN OSPFv2 cryptographic authentication, checksum filed is set to zero. > IN > OSPFv3 authentication Trailer, both cryptographic authentication and > checksum are calculated. Checksum in OSPFv3 covers ipv6 pseudo header, > entire ospf packet. Covering ospf packet might not be necessary in > this scenario since cryptographic authentication already covers the > same. > > > Thanks > Rajesh > > > This e-mail and attachments contain confidential information from > HUAWEI, which is intended only for the person or entity whose address > is listed above. Any use of the information contained herein in any > way (including, but not limited to, total or partial disclosure, > reproduction, or > dissemination) by persons other than the intended recipient's) is > prohibited. If you receive this e-mail in error, please notify the > sender by phone or email immediately and delete it! > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Acee Lindem > Sent: Friday, January 07, 2011 8:39 PM > To: Bhatia, Manav (Manav) > Cc: [email protected]; Vishwas Manral > Subject: Re: [OSPF] Supporting Authentication Trailer for OSPFv3 > > Actually I was just making sure everyone was paying attention > :^) Since I'm > an author, I'll validate with Abhay and Stewart but I think we can > move forward and make this a WG document. > > > Thanks, > Acee > > On Jan 6, 2011, at 8:46 PM, Bhatia, Manav (Manav) wrote: > > > I am sure Acee meant that the he and the authors would like > to see this > draft adopted up as a WG draft. > > > > I agree with that sentiment and would request this to be > accepted as a WG > document. We've had several mails in the past where this work was > supported and none that was against. > > > > Cheers, Manav > > > >> -----Original Message----- > >> From: Acee Lindem [mailto:[email protected]] > >> Sent: Friday, January 07, 2011 2.11 AM > >> To: [email protected] > >> Cc: Bhatia, Manav (Manav); Vishwas Manral > >> Subject: Supporting Authentication Trailer for OSPFv3 > >> > >> Speaking as WG Co-Chair: > >> > >> At the last OSPF WG meeting, there was some interest in this draft. > >> I'm now asking for opinions for and against. > >> > >> Speaking as a WG member: > >> > >> The authors (myself included) would not like to make this a WG > >> draft. On the OSPF list and at the OSPF WG meeting, the only > >> dissent was on along the lines of making IPsec (including IKEv2) > >> work better with OSPFv3 rather than doing this. I don't disagree > >> that this should be a goal but I don't think it should preclude > >> this work. > >> > >> Thanks, > >> Acee > > _______________________________________________ > OSPF mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ospf > > _______________________________________________ > OSPF mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ospf > = _______________________________________________ OSPF mailing list [email protected] https://www.ietf.org/mailman/listinfo/ospf
