Hi Michael,

Clipped from RFC 5709:

"Key Identifier (KeyID)
 This is an 8-bit unsigned value used to uniquely identify an
 OSPFv2 SA and is configured either by the router administrator
 (or, in the future, possibly by some key management protocol
 specified by the IETF).  The receiver uses this to locate the
 appropriate OSPFv2 SA to use.  The sender puts this KeyID value in
 the OSPF packet based on the active OSPF configuration."

Do you still think that this needs to be renamed?

Given that the authentication mechanism to be used will be a part of the
Security Association, and given that a Key ID uniquely identifies an SA,
shouldn't we just continue using KeyID?

Cheers, Manav 

> -----Original Message-----
> From: Michael Barnes [mailto:[email protected]] 
> Sent: Wednesday, January 26, 2011 10.17 AM
> To: Bhatia, Manav (Manav); OSPF List
> Subject: Re: [OSPF] AUTH TYPE
> 
> Hi Manav,
> 
> I think it's fine to use the Key ID to also indicate the authentication
> type. However, the name Key ID seems inappropriate since it now indicates
> more than just the key. I suggest using a different name for this
> field, such as SA ID.
> 
> Regards,
> Michael
> 
> On 01/24/2011 03:07 PM, Bhatia, Manav (Manav) wrote:
> >
> > Hi Rajesh,
> > I agree that such a distinction is indeed required. However, can't the
> > KeyID be used for such purposes? How about also associating the
> > authentication type with the Key ID? Thus one knows that if the incoming
> > packet is coming with KeyID X then it's normal cryptographic
> > authentication, and if it's coming with Y, then it's the crypto session
> > with Session ID and Nonce. This would also dictate how this packet
> > should be further parsed.
> > I am btw also amenable to the idea of breaking the 16-bit reserved field
> > into an 8-bit reserved field and an 8-bit AuType field. However, I just
> > want to make sure that we absolutely need this before doing it.
> > I would also like to hear what others in the WG think about this.
> > Cheers, Manav
> >
> >     *From:* [email protected] [mailto:[email protected]] *On
> >     Behalf Of *Rajesh Shetty
> >     *Sent:* Friday, January 21, 2011 7.32 AM
> >     *To:* [email protected]
> >     *Subject:* [OSPF] AUTH TYPE
> >
> >     Hi Manav,
> >
> >     Auth Type we might need to add in AT (Authentication Trailer) Header
> >     for extensibility.
> >
> >     Currently itself we can see the usage of Auth Type.
> >
> >     Auth Type = 0 = Cryptographic authentication
> >
> >     Auth Type = 1 (May be) = Cryptographic authentication with Session
> >     ID/Nonce support (security extension for OSPFv3 when using manual
> >     key management)
> >
> >     So it's better to replace the Reserved field with Auth Type.
> >
> >     Thanks
> >
> >     Rajesh.
> 
_______________________________________________
OSPF mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ospf
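
The design point argued in the thread, that the KeyID selects an SA and the SA (not a separate Auth Type field) tells the receiver how to parse the rest, as an added example that is not code from the thread or from any draft. The trailer layout, field sizes, `SA_TABLE` and keys are constructed assumptions, and a plain HMAC stands in for the RFC 5709 computation.

```python
import hashlib, hmac, struct
from dataclasses import dataclass

PLAIN, SESSION = "crypto", "crypto+session-id/nonce"  # the two modes named in the thread

@dataclass(frozen=True)
class SA:
    key: bytes
    digest: str   # hashlib algorithm name
    mode: str     # authentication type lives in the SA, not in the packet

# Constructed SA table, indexed by the 8-bit KeyID.
SA_TABLE = {
    1: SA(b"constructed-key-one", "sha256", PLAIN),
    2: SA(b"constructed-key-two", "sha256", SESSION),
}

def build(key_id, body, session_id=0, nonce=0):
    """Assumed layout: body | KeyID(1) | [SessionID(4) Nonce(8)] | MAC."""
    sa = SA_TABLE[key_id]
    extra = struct.pack("!IQ", session_id, nonce) if sa.mode == SESSION else b""
    signed = body + bytes([key_id]) + extra
    return signed + hmac.new(sa.key, signed, sa.digest).digest()

def verify(packet, body_len):
    """Return (mode, session_id, nonce); raise ValueError on any failure."""
    if len(packet) <= body_len:
        raise ValueError("no trailer")
    sa = SA_TABLE.get(packet[body_len])
    if sa is None:
        raise ValueError("unknown KeyID")      # no SA, so no way to parse further
    off = body_len + 1
    session_id = nonce = None
    if sa.mode == SESSION:                     # the SA dictates the parse
        if len(packet) < off + 12:
            raise ValueError("truncated session fields")
        session_id, nonce = struct.unpack_from("!IQ", packet, off)
        off += 12
    if len(packet) - off != hashlib.new(sa.digest).digest_size:
        raise ValueError("trailer length does not match SA")
    expected = hmac.new(sa.key, packet[:off], sa.digest).digest()
    if not hmac.compare_digest(expected, packet[off:]):
        raise ValueError("bad MAC")
    return sa.mode, session_id, nonce
```

Because the KeyID byte is covered by the MAC and each SA has its own key, rewriting the KeyID in transit to force the other parse path fails verification.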
