I guess everyone agrees with this draft change?

Thanks,
Acee

On 11/3/14, 12:57 PM, "Acee Lindem (acee)" <a...@cisco.com> wrote:

>Are there any implementations of this draft? There is, what I consider, a
>mistake in the source address protection. I'd like to make it consistent
>with RFC 7166. Rather than repeating the IP Source Address (L/4) times in
>Apad, it is included once the same as is done with the IPv6 address in RFC
>7166. Does this cause anyone any incompatibilities with deployed
>implementations?
>
>   OLD:
>     OSPF routers sending OSPF packets must initialize Apad to the value
>     of the IP source address that would be used when sending an OSPFv2
>     packet, repeated L/4 times, where L is the length of the hash,
>     measured in octets. The basic idea is to incorporate the IP source
>     address from the IP header in the cryptographic authentication
>     computation so that any change of IP source address in a replayed
>     packet can be detected.
>
>   NEW:
>     OSPF routers sending OSPF packets must initialize the first 4 octets
>     of Apad to the value of the IP source address that would be used when
>     sending the OSPFv2 packet. The remainder of Apad will contain
>     the value of 0x878FE1F3 repeated (L - 4)/4 times, where L is the
>     length of the hash, measured in octets. The basic idea is to
>     incorporate the IP source address from the IP header in the
>     cryptographic authentication computation so that any change of IP
>     source address in a replayed packet can be detected.
>
>Thanks,
>
>Acee