Hi Manav, I dont think you gain much by not calculating checksum.
You gain a lot as any issues with the authentication algorithm like MD5, the checksum is another level of protection. Thanks, Vishwas On Tue, Jan 18, 2011 at 8:44 PM, Bhatia, Manav (Manav) <[email protected]> wrote: > Hi Rajesh, > > Yes, you are right. We should add text that says that checksum SHOULD not be > computed and verified when an authentication trailer is attached to an OSPFv3 > packet. > > Cheers, Manav > >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On >> Behalf Of Rajesh Shetty >> Sent: Wednesday, January 19, 2011 10.09 AM >> To: 'Acee Lindem' >> Cc: [email protected] >> Subject: Re: [OSPF] Supporting Authentication Trailer for OSPFv3 >> >> >> Dear Acee, >> >> Just a discrepancy between ospfv2 and ospfv3: >> IN OSPFv2 cryptographic authentication, checksum filed is set >> to zero. IN >> OSPFv3 authentication Trailer, both cryptographic authentication and >> checksum are calculated. Checksum in OSPFv3 covers ipv6 pseudo header, >> entire ospf packet. Covering ospf packet might not be >> necessary in this >> scenario since cryptographic authentication already covers the same. >> >> >> Thanks >> Rajesh >> >> >> This e-mail and attachments contain confidential information >> from HUAWEI, >> which is intended only for the person or entity whose address >> is listed >> above. Any use of the information contained herein in any way >> (including, >> but not limited to, total or partial disclosure, reproduction, or >> dissemination) by persons other than the intended recipient's) is >> prohibited. If you receive this e-mail in error, please >> notify the sender by >> phone or email immediately and delete it! >> >> >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On >> Behalf Of Acee >> Lindem >> Sent: Friday, January 07, 2011 8:39 PM >> To: Bhatia, Manav (Manav) >> Cc: [email protected]; Vishwas Manral >> Subject: Re: [OSPF] Supporting Authentication Trailer for OSPFv3 >> >> Actually I was just making sure everyone was paying attention >> :^) Since I'm >> an author, I'll validate with Abhay and Stewart but I think >> we can move >> forward and make this a WG document. >> >> >> Thanks, >> Acee >> >> On Jan 6, 2011, at 8:46 PM, Bhatia, Manav (Manav) wrote: >> >> > I am sure Acee meant that the he and the authors would like >> to see this >> draft adopted up as a WG draft. >> > >> > I agree with that sentiment and would request this to be >> accepted as a WG >> document. We've had several mails in the past where this work >> was supported >> and none that was against. >> > >> > Cheers, Manav >> > >> >> -----Original Message----- >> >> From: Acee Lindem [mailto:[email protected]] >> >> Sent: Friday, January 07, 2011 2.11 AM >> >> To: [email protected] >> >> Cc: Bhatia, Manav (Manav); Vishwas Manral >> >> Subject: Supporting Authentication Trailer for OSPFv3 >> >> >> >> Speaking as WG Co-Chair: >> >> >> >> At the last OSPF WG meeting, there was some interest in this >> >> draft. I'm now asking for opinions for and against. >> >> >> >> Speaking as a WG member: >> >> >> >> The authors (myself included) would not like to make this a >> >> WG draft. On the OSPF list and at the OSPF WG meeting, the >> >> only dissent was on along the lines of making IPsec >> >> (including IKEv2) work better with OSPFv3 rather than doing >> >> this. I don't disagree that this should be a goal but I don't >> >> think it should preclude this work. >> >> >> >> Thanks, >> >> Acee >> >> _______________________________________________ >> OSPF mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/ospf >> >> _______________________________________________ >> OSPF mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/ospf >> > _______________________________________________ > OSPF mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ospf > _______________________________________________ OSPF mailing list [email protected] https://www.ietf.org/mailman/listinfo/ospf
