Of course, I meant "intersect" rather than "intercept" below. In other words, a packet from one protocol could potentially also represent a valid packet in another protocol and be replayed. Thanks, Acee
On Oct 26, 2011, at 7:48 PM, Acee Lindem wrote: > This version includes changes in response to the external reviews that have > taken place since we completed WG last call. A few things have been clarified > and the following two items have been added: > > 1. Mitigation of Cross Protocol Attacks by appending a protocol specific > byte to the key. This will prevent replay attacks when the same key is used > by multiple protocols (and the sets of valid input packets intercept). See > sections 4.4 and 4.5. > > 2. Recommendations for authentication key selection have been added to the > "Security Considerations". See section 6. > > Links to be the new version and a nicely annotated diff with the previous > version are included in the forwarded E-mail below. > > Thanks, > Acee > > > > > Begin forwarded message: > > From: "[email protected]<mailto:[email protected]>" > <[email protected]<mailto:[email protected]>> > Date: October 26, 2011 6:19:35 PM EDT > To: "[email protected]<mailto:[email protected]>" > <[email protected]<mailto:[email protected]>>, > "[email protected]<mailto:[email protected]>" > > <[email protected]<mailto:[email protected]>>, > "[email protected]<mailto:[email protected]>" > <[email protected]<mailto:[email protected]>> > Subject: New Version Notification - draft-ietf-ospf-auth-trailer-ospfv3-08.txt > > New version (-08) has been submitted for > draft-ietf-ospf-auth-trailer-ospfv3-08.txt. > http://www.ietf.org/internet-drafts/draft-ietf-ospf-auth-trailer-ospfv3-08.txt > > > Diff from previous version: > http://tools.ietf.org/rfcdiff?url2=draft-ietf-ospf-auth-trailer-ospfv3-08 > > IETF Secretariat. > > _______________________________________________ > OSPF mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ospf _______________________________________________ OSPF mailing list [email protected] https://www.ietf.org/mailman/listinfo/ospf
