There have been a couple errata filed on RFC 6505 (authors copied). As a
service to the
OSPF community and in an effort to ensure interoperable OSPFv3 authentication
trailer implementations, I have produced a BIS draft. The changes are listed in
section 1.2:
1.2. Summary of Changes from RFC 6506
This document includes the following changes from RFC 6506 [RFC6506]:
1. Sections 2.2 and 4.2 explicitly state the Link-Local Signalling
(LLS) block checksum calculation is omitted when an OSPFv3
authentication is used. The LLS block is included in the
authentication digest calculation and computation of a checksum
is unneccessary. Clarification of this issue was raised in an
errata.
2. Section 4.5 includes a correction to the key preparation to use
the protocol specific key (Ks) rather than the key (K) as the
initial key (Ko). This problem was also raised in an errata.
3. Section 4.5 also includes a discussion of the choice of key
length to be the hash length (L) rather than the block size (B).
The discussion of this choice was included to clarify an issue
raised in a rejected errata.
4. Section 4.1 indicates that sequence number checking is dependent
on OSPFv3 packet type in order to account for packet
prioritization as specified in [RFC4222]. This was an omission
from RFC 6506.
I would like to quickly move this to an OSPF WG document and begin the review
process. I'm now soliciting feedback on OSPF WG adoption.
Thanks,
Acee
On May 9, 2013, at 1:43 PM, <[email protected]>
wrote:
>
> A new version of I-D, draft-acee-ospf-rfc6506bis-01.txt
> has been successfully submitted by Manav Bhatia and posted to the
> IETF repository.
>
> Filename: draft-acee-ospf-rfc6506bis
> Revision: 01
> Title: Supporting Authentication Trailer for OSPFv3
> Creation date: 2013-05-09
> Group: Individual Submission
> Number of pages: 25
> URL:
> http://www.ietf.org/internet-drafts/draft-acee-ospf-rfc6506bis-01.txt
> Status: http://datatracker.ietf.org/doc/draft-acee-ospf-rfc6506bis
> Htmlized: http://tools.ietf.org/html/draft-acee-ospf-rfc6506bis-01
> Diff:
> http://www.ietf.org/rfcdiff?url2=draft-acee-ospf-rfc6506bis-01
>
> Abstract:
> Currently, OSPF for IPv6 (OSPFv3) uses IPsec as the only mechanism
> for authenticating protocol packets. This behavior is different from
> authentication mechanisms present in other routing protocols (OSPFv2,
> Intermediate System to Intermediate System (IS-IS), RIP, and Routing
> Information Protocol Next Generation (RIPng)). In some environments,
> it has been found that IPsec is difficult to configure and maintain
> and thus cannot be used. This document defines an alternative
> mechanism to authenticate OSPFv3 protocol packets so that OSPFv3 does
> not only depend upon IPsec for authentication. This document
> obsoletes RFC 6506.
>
>
>
>
> The IETF Secretariat
>
_______________________________________________
OSPF mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ospf
