Hi Manav,
Yes. The name Key ID in v2 is archaic. When it was defined there was no
choice of algorithm. It's no longer accurate but we continue to use it
for continuity. I think we can break the tradition and use a more
accurate name for v3.
Regards,
Michael
On 01/25/2011 09:03 PM, Bhatia, Manav (Manav) wrote:
Hi Michael,
Clipped from RFC 5709:
"Key Identifier (KeyID)
This is an 8-bit unsigned value used to uniquely identify an
OSPFv2 SA and is configured either by the router administrator
(or, in the future, possibly by some key management protocol
specified by the IETF). The receiver uses this to locate the
appropriate OSPFv2 SA to use. The sender puts this KeyID value in
the OSPF packet based on the active OSPF configuration."
Do you still think that this needs to be renamed?
Given that the authentication mechanism to be used will be a part of the
Security Association. Also given that a Key ID uniquely identifies an SA.
Shouldn't we just continue using KeyID?
Cheers, Manav
-----Original Message-----
From: Michael Barnes [mailto:[email protected]]
Sent: Wednesday, January 26, 2011 10.17 AM
To: Bhatia, Manav (Manav); OSPF List
Subject: Re: [OSPF] AUTH TYPE
Hi Manav,
I think it's fine to use the Key ID to also indicate the
authentication
type. However the name Key ID seems inappropriate since it
now indicates
more than just the key. I suggest to use a different name for this
field, such as SA ID.
Regards,
Michael
On 01/24/2011 03:07 PM, Bhatia, Manav (Manav) wrote:
Hi Rajesh,
I agree that such a distinction is indeed required.
However, cant the
KeyID be used for such purposes? How about also associating the
authentication type with the Key ID. Thus one knows that if
the incoming
packet is coming with KeyID X then its normal cryptographic
authentication, and if its coming with Y, then its the
crypto session
with Session ID and Nonce. This would also dictate how this packet
should be further parsed.
I am btw also amenable to the idea of breaking the 16 bit
reserved field
into an 8 bit reserved field and an 8 bit AuType field.
However, just
want to make sure that we absolutely need this before doing it.
Would also like to hear what others in WG think about this.
Cheers, Manav
*From:* [email protected] [mailto:[email protected]] *On
Behalf Of *Rajesh Shetty
*Sent:* Friday, January 21, 2011 7.32 AM
*To:* [email protected]
*Subject:* [OSPF] AUTH TYPE
Hi Manav,
Auth Type we might need to add in AT(Authentication
Trailer) Header
for extensibility.
Currently itself we can see the usage of Auth Type.
Auth Type = 0 = Cryptographic authentication
Auth Type = 1 (May be) = Cryptographic authentication
with Session
ID/Nonce support (security extension for ospfv3 when
using manual
key management)
So its better to replace Reserved filed with Auth Type.
Thanks
Rajesh.
_______________________________________________
OSPF mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ospf
