Hi Manav, modularity argument is not against errata. If there's LLS implementation which does not know on TX that authentication is configured, it's perfectly OK to compute LLS checksum. Errata says that it will not be verified on RX, so implementations which know about authentication do not have to compute checksum.
I'm not saying that RFC6506 is wrong, but that it's forgotten that OSPFv3 has two checksums, one for standard OSPFv3 payload and second for LLS. If RFC6506 tells how to work with checksum for the first part of the packet, it's useful if it also says how to work with checksum for the second part of the packet. For me it's natural that both parts of the packet have same handling. Thanks marek -----Original Message----- From: Bhatia, Manav (Manav) [mailto:[email protected]] Sent: Sunday, March 31, 2013 7:25 AM To: [email protected]; [email protected]; Stewart Bryant (stbryant); [email protected]; Abhay Roy (akr); [email protected] Cc: Marek Karasek (mkarasek); [email protected] Subject: RE: [Technical Errata Reported] RFC6506 (3567) Hi Marek, When constructing the LLS data block it may not always be possible for an implementation to know whether there is authentication being used on a link or not. Sure there are ways for us to figure this out but it may not be a very modular approach (really an implementation specific issue). If you follow rfc 6506 and do as it says then you can always choose NOT to verify the LLS checksum upon reciept and still be compliant to 6506. This way nothing changes - Your original code for LLS still computes the checksum regardless of whether OSPFv3 AT is configured or not. The AT code computes the digest of the packet including the LLS data block. The reciever verifies the AT data block and accepts the packet if it matches with whats carried in the packet. Its now an implementation specific issue whether it wants to verify the LLS checksum or not. Given this I don't think the errata raised is correct - more so, because this isnt really an error in the RFC. Even if we'd discussed this issue when we were writing this RFC we would have left it as an implementation specific behavior at the RX side based on the modularity argument. Based on this argument I would also reject the errata 3568 that has been raised. Cheers, Manav > -----Original Message----- > From: RFC Errata System [mailto:[email protected]] > Sent: Wednesday, March 27, 2013 6:08 PM > To: Bhatia, Manav (Manav); [email protected]; > [email protected]; [email protected]; [email protected]; > [email protected]; [email protected] > Cc: [email protected]; [email protected]; [email protected] > Subject: [Technical Errata Reported] RFC6506 (3567) > > The following errata report has been submitted for RFC6506, > "Supporting Authentication Trailer for OSPFv3". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=6506&eid=3567 > > -------------------------------------- > Type: Technical > Reported by: Marek Karasek <[email protected]> > > Section: 2.2 > > Original Text > ------------- > Consistent with OSPFv2 Cryptographic Authentication > [RFC2328], both OSPFv3 header checksum calculation and > verification are omitted when the OSPFv3 authentication > mechanism described in this specification is used. > > Corrected Text > -------------- > OSPFv3 authentication mechanism provides capability to detect > corruption of OSPFv3 packet, which is under non authenticated > operation achieved using OSPFv3 header checksum [RFC 5340] and LLS > data block checksum [RFC 5613]. In spirit of OSPFv2 Cryptographic > Authentication [RFC2328], OSPFv3 header checksum and LLS Data Block > Checksum calculation and verification are omitted when the OSPFv3 > authentication mechanism described in this specification is used. > > Notes > ----- > RFC does not specify how to work with LLS Data Block Checksum. Errata > suggests omit checksum calculation/verification in the same way like > for OSPFv3 header checksum. > > Instructions: > ------------- > This errata is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or rejected. > When a decision is reached, the verifying party (IESG) can log in to > change the status and edit the report, if necessary. > > -------------------------------------- > RFC6506 (draft-ietf-ospf-auth-trailer-ospfv3-11) > -------------------------------------- > Title : Supporting Authentication Trailer for OSPFv3 > Publication Date : February 2012 > Author(s) : M. Bhatia, V. Manral, A. Lindem > Category : PROPOSED STANDARD > Source : Open Shortest Path First IGP > Area : Routing > Stream : IETF > Verifying Party : IESG > _______________________________________________ OSPF mailing list [email protected] https://www.ietf.org/mailman/listinfo/ospf
