Hi Vishwas, I think it would be preferable to add a pseudo-header to the authentication trailer calculation than to do both. Thanks, Acee On Jan 19, 2011, at 12:41 AM, Vishwas Manral wrote:
> Hi Rajesh, > > What I am trying to say is if vulnerabilities are found in an > algorithm just like it is for MD5, a checksum provides an additional > layer of security. > > Thanks, > Vishwas > > On Tue, Jan 18, 2011 at 9:24 PM, Rajesh Shetty <[email protected]> wrote: >> >> Hi vishwas, >> >> In the authentication trailer algorithm its been mandated to use SHA >> algorithm. >> >> Thanks >> Rajesh >> >> >> This e-mail and attachments contain confidential information from HUAWEI, >> which is intended only for the person or entity whose address is listed >> above. Any use of the information contained herein in any way (including, >> but not limited to, total or partial disclosure, reproduction, or >> dissemination) by persons other than the intended recipient's) is >> prohibited. If you receive this e-mail in error, please notify the sender by >> phone or email immediately and delete it! >> >> -----Original Message----- >> From: Vishwas Manral [mailto:[email protected]] >> Sent: Wednesday, January 19, 2011 10:50 AM >> To: Bhatia, Manav (Manav) >> Cc: Rajesh Shetty; Acee Lindem; [email protected] >> Subject: Re: [OSPF] Supporting Authentication Trailer for OSPFv3 >> >> Hi Manav, >> >> I dont think you gain much by not calculating checksum. >> >> You gain a lot as any issues with the authentication algorithm like MD5, the >> checksum is another level of protection. >> >> Thanks, >> Vishwas >> >> On Tue, Jan 18, 2011 at 8:44 PM, Bhatia, Manav (Manav) >> <[email protected]> wrote: >>> Hi Rajesh, >>> >>> Yes, you are right. We should add text that says that checksum SHOULD not >> be computed and verified when an authentication trailer is attached to an >> OSPFv3 packet. >>> >>> Cheers, Manav >>> >>>> -----Original Message----- >>>> From: [email protected] [mailto:[email protected]] On Behalf >>>> Of Rajesh Shetty >>>> Sent: Wednesday, January 19, 2011 10.09 AM >>>> To: 'Acee Lindem' >>>> Cc: [email protected] >>>> Subject: Re: [OSPF] Supporting Authentication Trailer for OSPFv3 >>>> >>>> >>>> Dear Acee, >>>> >>>> Just a discrepancy between ospfv2 and ospfv3: >>>> IN OSPFv2 cryptographic authentication, checksum filed is set to >>>> zero. IN >>>> OSPFv3 authentication Trailer, both cryptographic authentication and >>>> checksum are calculated. Checksum in OSPFv3 covers ipv6 pseudo >>>> header, entire ospf packet. Covering ospf packet might not be >>>> necessary in this scenario since cryptographic authentication already >>>> covers the same. >>>> >>>> >>>> Thanks >>>> Rajesh >>>> >>>> >>>> This e-mail and attachments contain confidential information from >>>> HUAWEI, which is intended only for the person or entity whose address >>>> is listed above. Any use of the information contained herein in any >>>> way (including, but not limited to, total or partial disclosure, >>>> reproduction, or >>>> dissemination) by persons other than the intended recipient's) is >>>> prohibited. If you receive this e-mail in error, please notify the >>>> sender by phone or email immediately and delete it! >>>> >>>> >>>> -----Original Message----- >>>> From: [email protected] [mailto:[email protected]] On >>>> Behalf Of Acee >>>> Lindem >>>> Sent: Friday, January 07, 2011 8:39 PM >>>> To: Bhatia, Manav (Manav) >>>> Cc: [email protected]; Vishwas Manral >>>> Subject: Re: [OSPF] Supporting Authentication Trailer for OSPFv3 >>>> >>>> Actually I was just making sure everyone was paying attention >>>> :^) Since I'm >>>> an author, I'll validate with Abhay and Stewart but I think >>>> we can move >>>> forward and make this a WG document. >>>> >>>> >>>> Thanks, >>>> Acee >>>> >>>> On Jan 6, 2011, at 8:46 PM, Bhatia, Manav (Manav) wrote: >>>> >>>>> I am sure Acee meant that the he and the authors would like >>>> to see this >>>> draft adopted up as a WG draft. >>>>> >>>>> I agree with that sentiment and would request this to be >>>> accepted as a WG >>>> document. We've had several mails in the past where this work >>>> was supported >>>> and none that was against. >>>>> >>>>> Cheers, Manav >>>>> >>>>>> -----Original Message----- >>>>>> From: Acee Lindem [mailto:[email protected]] >>>>>> Sent: Friday, January 07, 2011 2.11 AM >>>>>> To: [email protected] >>>>>> Cc: Bhatia, Manav (Manav); Vishwas Manral >>>>>> Subject: Supporting Authentication Trailer for OSPFv3 >>>>>> >>>>>> Speaking as WG Co-Chair: >>>>>> >>>>>> At the last OSPF WG meeting, there was some interest in this >>>>>> draft. I'm now asking for opinions for and against. >>>>>> >>>>>> Speaking as a WG member: >>>>>> >>>>>> The authors (myself included) would not like to make this a >>>>>> WG draft. On the OSPF list and at the OSPF WG meeting, the >>>>>> only dissent was on along the lines of making IPsec >>>>>> (including IKEv2) work better with OSPFv3 rather than doing >>>>>> this. I don't disagree that this should be a goal but I don't >>>>>> think it should preclude this work. >>>>>> >>>>>> Thanks, >>>>>> Acee >>>> >>>> _______________________________________________ >>>> OSPF mailing list >>>> [email protected] >>>> https://www.ietf.org/mailman/listinfo/ospf >>>> >>>> _______________________________________________ >>>> OSPF mailing list >>>> [email protected] >>>> https://www.ietf.org/mailman/listinfo/ospf >>>> >>> _______________________________________________ >>> OSPF mailing list >>> [email protected] >>> https://www.ietf.org/mailman/listinfo/ospf >>> >> >> > _______________________________________________ > OSPF mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ospf _______________________________________________ OSPF mailing list [email protected] https://www.ietf.org/mailman/listinfo/ospf
