Hi Marek, When constructing the LLS data block it may not always be possible for an implementation to know whether there is authentication being used on a link or not. Sure there are ways for us to figure this out but it may not be a very modular approach (really an implementation specific issue).
If you follow rfc 6506 and do as it says then you can always choose NOT to verify the LLS checksum upon reciept and still be compliant to 6506. This way nothing changes - Your original code for LLS still computes the checksum regardless of whether OSPFv3 AT is configured or not. The AT code computes the digest of the packet including the LLS data block. The reciever verifies the AT data block and accepts the packet if it matches with whats carried in the packet. Its now an implementation specific issue whether it wants to verify the LLS checksum or not. Given this I don't think the errata raised is correct - more so, because this isnt really an error in the RFC. Even if we'd discussed this issue when we were writing this RFC we would have left it as an implementation specific behavior at the RX side based on the modularity argument. Based on this argument I would also reject the errata 3568 that has been raised. Cheers, Manav > -----Original Message----- > From: RFC Errata System [mailto:[email protected]] > Sent: Wednesday, March 27, 2013 6:08 PM > To: Bhatia, Manav (Manav); [email protected]; > [email protected]; [email protected]; > [email protected]; [email protected]; [email protected] > Cc: [email protected]; [email protected]; [email protected] > Subject: [Technical Errata Reported] RFC6506 (3567) > > The following errata report has been submitted for RFC6506, > "Supporting Authentication Trailer for OSPFv3". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=6506&eid=3567 > > -------------------------------------- > Type: Technical > Reported by: Marek Karasek <[email protected]> > > Section: 2.2 > > Original Text > ------------- > Consistent with OSPFv2 Cryptographic Authentication > [RFC2328], both OSPFv3 header checksum calculation and > verification are omitted when the OSPFv3 authentication > mechanism described in this specification is used. > > Corrected Text > -------------- > OSPFv3 authentication mechanism provides capability to detect > corruption of OSPFv3 packet, which is under non authenticated > operation achieved using OSPFv3 header checksum [RFC 5340] > and LLS data block checksum [RFC 5613]. In spirit of OSPFv2 > Cryptographic Authentication [RFC2328], OSPFv3 header > checksum and LLS Data Block Checksum calculation and > verification are omitted when the OSPFv3 authentication > mechanism described in this specification is used. > > Notes > ----- > RFC does not specify how to work with LLS Data Block > Checksum. Errata suggests omit checksum > calculation/verification in the same way like for OSPFv3 > header checksum. > > Instructions: > ------------- > This errata is currently posted as "Reported". If necessary, > please use "Reply All" to discuss whether it should be > verified or rejected. When a decision is reached, the > verifying party (IESG) can log in to change the status and > edit the report, if necessary. > > -------------------------------------- > RFC6506 (draft-ietf-ospf-auth-trailer-ospfv3-11) > -------------------------------------- > Title : Supporting Authentication Trailer for OSPFv3 > Publication Date : February 2012 > Author(s) : M. Bhatia, V. Manral, A. Lindem > Category : PROPOSED STANDARD > Source : Open Shortest Path First IGP > Area : Routing > Stream : IETF > Verifying Party : IESG > _______________________________________________ OSPF mailing list [email protected] https://www.ietf.org/mailman/listinfo/ospf
