Dear All,
AT Bit Definition: AT bit must be set in all ospfv3 protocol packets that contain an authentication trailer. On the receiving side authentication trailer is only examined if AT bit is set. Consider a scenario where authentication trailer draft is supported by all the routers and authentication is configured on receiving side but not on sending side. Even in this scenario receiving side will successfully accept the packet (Since AT bit is not set), this is a security threat. Please correct me if I am missing something. Thanks Rajesh This e-mail and attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient's) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Acee Lindem Sent: Friday, January 07, 2011 8:39 PM To: Bhatia, Manav (Manav) Cc: [email protected]; Vishwas Manral Subject: Re: [OSPF] Supporting Authentication Trailer for OSPFv3 Actually I was just making sure everyone was paying attention :^) Since I'm an author, I'll validate with Abhay and Stewart but I think we can move forward and make this a WG document. Thanks, Acee On Jan 6, 2011, at 8:46 PM, Bhatia, Manav (Manav) wrote: > I am sure Acee meant that the he and the authors would like to see this draft adopted up as a WG draft. > > I agree with that sentiment and would request this to be accepted as a WG document. We've had several mails in the past where this work was supported and none that was against. > > Cheers, Manav > >> -----Original Message----- >> From: Acee Lindem [mailto:[email protected]] >> Sent: Friday, January 07, 2011 2.11 AM >> To: [email protected] >> Cc: Bhatia, Manav (Manav); Vishwas Manral >> Subject: Supporting Authentication Trailer for OSPFv3 >> >> Speaking as WG Co-Chair: >> >> At the last OSPF WG meeting, there was some interest in this >> draft. I'm now asking for opinions for and against. >> >> Speaking as a WG member: >> >> The authors (myself included) would not like to make this a >> WG draft. On the OSPF list and at the OSPF WG meeting, the >> only dissent was on along the lines of making IPsec >> (including IKEv2) work better with OSPFv3 rather than doing >> this. I don't disagree that this should be a goal but I don't >> think it should preclude this work. >> >> Thanks, >> Acee _______________________________________________ OSPF mailing list [email protected] https://www.ietf.org/mailman/listinfo/ospf
_______________________________________________ OSPF mailing list [email protected] https://www.ietf.org/mailman/listinfo/ospf
