In message <[email protected]>
Acee Lindem writes:
>
> Hi Srini,
>
> The fact that graceful restart will be more difficult is part of the
> cost of implementing this draft. One of the jobs of the OSPF WG is
> determining whether the "medicine is worse than the disease". In this
> case, the disease is well-timed replay attacks and the medicine is the
> proposed solution.
>
> Thanks,
> Acee

Acee, et al.

I hope no one minds that I trimmed the rest of the context.

It should be possible on startup to negotiate a new initial sequence
number through an exchange that involves the exchange of an encrypted
or authenticated challenge using a shared key. This would involve
additional protocol exchange which is in neither of the security
drafts being considered, but either could be changed.

Doing so would allow the replay attack problem to be addressed without
creating a new problem due to forgetting the last sequence number that
was used after a graceful restart wakeup.

If we are going to go to this extent, adding a negotiation step, then
you might also want to add an option to exchange an encrypted session
key to avoid an attack where enough "in the clear" information is
authenticated to guess the key in use.

I can barely keep up with IETF email so I'd rather someone else pick
this idea up if it's thought to be a good idea (maybe it isn't).

Now back to lurking.

Curtis
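
The authenticated-challenge exchange suggested in the message above, as an added sketch that is not part of the original thread or of either draft. The message layout, the `seq-reset-v0` label, the use of HMAC-SHA256 and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

LABEL = b"seq-reset-v0"  # hypothetical domain-separation label

def reset_tag(key: bytes, challenge: bytes, seq: int) -> bytes:
    """MAC binding the new sequence number to the neighbor's fresh challenge."""
    msg = LABEL + challenge + struct.pack("!I", seq)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Neighbor:
    """Router that stayed up and must decide whether to accept a reset."""
    def __init__(self, key: bytes):
        self.key = key
        self.pending = None       # outstanding challenge, single use
        self.initial_seq = None   # sequence number agreed by the last reset

    def challenge(self) -> bytes:
        self.pending = os.urandom(16)
        return self.pending

    def accept(self, seq: int, tag: bytes) -> bool:
        if self.pending is None:
            return False          # unsolicited reset, nothing to bind it to
        challenge, self.pending = self.pending, None
        if not hmac.compare_digest(tag, reset_tag(self.key, challenge, seq)):
            return False          # wrong key, or reply made for an older challenge
        self.initial_seq = seq
        return True

def restarter_respond(key: bytes, challenge: bytes):
    """Restarted router: its old number is forgotten, so it picks a new one."""
    seq = int.from_bytes(os.urandom(4), "big")
    return seq, reset_tag(key, challenge, seq)

def demo():
    key = b"constructed-shared-key"   # constructed sample value
    nbr = Neighbor(key)
    seq, tag = restarter_respond(key, nbr.challenge())
    genuine = nbr.accept(seq, tag)
    nbr.challenge()                   # a later restart, new challenge issued
    replayed = nbr.accept(seq, tag)   # captured reply presented again
    c = nbr.challenge()
    forged = nbr.accept(1, reset_tag(b"guessed-key", c, 1))
    return genuine, replayed, forged

if __name__ == "__main__":
    print(demo())
```

The sketch covers only the reset handshake; the optional session-key exchange mentioned in the message is not modelled.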
