Hi Rajesh,

You are correct. I thought that this was in the draft but see that it is not. Right, we should drop packets with the AT Bit clear when authentication is configured on the receiving side. OSPFv3 will drop packets not containing the options field (LS-Request, LS-Update, and Ack) if the adjacency is not in Exchange state or higher.

Thanks,
Acee

On Jan 19, 2011, at 5:19 AM, Rajesh Shetty wrote:

> Dear All,
>
> AT Bit Definition:
> AT bit must be set in all OSPFv3 protocol packets that contain an
> authentication trailer. On the receiving side authentication trailer is only
> examined if AT bit is set.
>
> Consider a scenario where authentication trailer draft is supported by all
> the routers and authentication is configured on receiving side but not on
> sending side. Even in this scenario receiving side will successfully accept
> the packet (since AT bit is not set), this is a security threat.
>
> Please correct me if I am missing something.
>
> Thanks
> Rajesh
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Acee Lindem
> Sent: Friday, January 07, 2011 8:39 PM
> To: Bhatia, Manav (Manav)
> Cc: [email protected]; Vishwas Manral
> Subject: Re: [OSPF] Supporting Authentication Trailer for OSPFv3
>
> Actually I was just making sure everyone was paying attention :^) Since I'm
> an author, I'll validate with Abhay and Stewart but I think we can move
> forward and make this a WG document.
>
> Thanks,
> Acee
>
> On Jan 6, 2011, at 8:46 PM, Bhatia, Manav (Manav) wrote:
>
> > I am sure Acee meant that he and the authors would like to see this
> > draft adopted up as a WG draft.
> >
> > I agree with that sentiment and would request this to be accepted as a WG
> > document. We've had several mails in the past where this work was supported
> > and none that was against.
> >
> > Cheers, Manav
> >
> >> -----Original Message-----
> >> From: Acee Lindem [mailto:[email protected]]
> >> Sent: Friday, January 07, 2011 2.11 AM
> >> To: [email protected]
> >> Cc: Bhatia, Manav (Manav); Vishwas Manral
> >> Subject: Supporting Authentication Trailer for OSPFv3
> >>
> >> Speaking as WG Co-Chair:
> >>
> >> At the last OSPF WG meeting, there was some interest in this
> >> draft. I'm now asking for opinions for and against.
> >>
> >> Speaking as a WG member:
> >>
> >> The authors (myself included) would not like to make this a
> >> WG draft. On the OSPF list and at the OSPF WG meeting, the
> >> only dissent was along the lines of making IPsec
> >> (including IKEv2) work better with OSPFv3 rather than doing
> >> this. I don't disagree that this should be a goal but I don't
> >> think it should preclude this work.
> >>
> >> Thanks,
> >> Acee

_______________________________________________
OSPF mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ospf
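
The receive-side rule agreed in this thread, sketched in C as an added example (not code from the draft or from any OSPFv3 implementation). The type and function names, the AT bit mask, the accept-by-default handling of option-less packets in the first function, and the rule that a receiver without authentication configured skips the trailer are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed position of the AT bit in the 24-bit OSPFv3 Options field. */
#define OSPF6_OPT_AT 0x000400u

enum pkt_type { HELLO = 1, DB_DESC, LS_REQUEST, LS_UPDATE, LS_ACK };
enum nbr_state { N_DOWN, N_ATTEMPT, N_INIT, N_2WAY,
                 N_EXSTART, N_EXCHANGE, N_LOADING, N_FULL };
enum verdict { ACCEPT_UNAUTHENTICATED, VERIFY_TRAILER, DROP };

struct rx_ctx {
    bool auth_configured;  /* authentication configured on the receiving side */
    enum pkt_type type;
    uint32_t options;      /* only Hello and Database Description carry Options */
    enum nbr_state nbr;    /* state of the adjacency with the sender */
};

static bool has_options(enum pkt_type t) { return t == HELLO || t == DB_DESC; }

/* The wording Rajesh questions: the trailer is examined only if the AT bit is
 * set, so the sender alone decides whether the packet gets authenticated.
 * Simplification: packets without an Options field are accepted here. */
enum verdict rx_at_bit_only(const struct rx_ctx *c)
{
    if (has_options(c->type) && (c->options & OSPF6_OPT_AT))
        return VERIFY_TRAILER;
    return ACCEPT_UNAUTHENTICATED;
}

/* The rule from the reply: local configuration decides, not the sender. */
enum verdict rx_with_local_policy(const struct rx_ctx *c)
{
    if (!c->auth_configured)
        return ACCEPT_UNAUTHENTICATED;  /* assumption: no trailer check without keys */
    if (has_options(c->type))
        return (c->options & OSPF6_OPT_AT) ? VERIFY_TRAILER : DROP;
    /* LS-Request, LS-Update, Ack: no Options field, so gate on adjacency state. */
    return c->nbr >= N_EXCHANGE ? VERIFY_TRAILER : DROP;
}

int main(void)
{
    /* Constructed case: receiver has authentication configured, sender does not. */
    struct rx_ctx hello = { true, HELLO, 0x000013u, N_INIT };
    printf("AT-bit-only rule: %d, local-policy rule: %d\n",
           rx_at_bit_only(&hello), rx_with_local_policy(&hello));
    return 0;
}
```
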
