Hi vishwas, In the authentication trailer algorithm its been mandated to use SHA algorithm.
Thanks Rajesh This e-mail and attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient's) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! -----Original Message----- From: Vishwas Manral [mailto:[email protected]] Sent: Wednesday, January 19, 2011 10:50 AM To: Bhatia, Manav (Manav) Cc: Rajesh Shetty; Acee Lindem; [email protected] Subject: Re: [OSPF] Supporting Authentication Trailer for OSPFv3 Hi Manav, I dont think you gain much by not calculating checksum. You gain a lot as any issues with the authentication algorithm like MD5, the checksum is another level of protection. Thanks, Vishwas On Tue, Jan 18, 2011 at 8:44 PM, Bhatia, Manav (Manav) <[email protected]> wrote: > Hi Rajesh, > > Yes, you are right. We should add text that says that checksum SHOULD not be computed and verified when an authentication trailer is attached to an OSPFv3 packet. > > Cheers, Manav > >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On Behalf >> Of Rajesh Shetty >> Sent: Wednesday, January 19, 2011 10.09 AM >> To: 'Acee Lindem' >> Cc: [email protected] >> Subject: Re: [OSPF] Supporting Authentication Trailer for OSPFv3 >> >> >> Dear Acee, >> >> Just a discrepancy between ospfv2 and ospfv3: >> IN OSPFv2 cryptographic authentication, checksum filed is set to >> zero. IN >> OSPFv3 authentication Trailer, both cryptographic authentication and >> checksum are calculated. Checksum in OSPFv3 covers ipv6 pseudo >> header, entire ospf packet. Covering ospf packet might not be >> necessary in this scenario since cryptographic authentication already >> covers the same. >> >> >> Thanks >> Rajesh >> >> >> This e-mail and attachments contain confidential information from >> HUAWEI, which is intended only for the person or entity whose address >> is listed above. Any use of the information contained herein in any >> way (including, but not limited to, total or partial disclosure, >> reproduction, or >> dissemination) by persons other than the intended recipient's) is >> prohibited. If you receive this e-mail in error, please notify the >> sender by phone or email immediately and delete it! >> >> >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On >> Behalf Of Acee >> Lindem >> Sent: Friday, January 07, 2011 8:39 PM >> To: Bhatia, Manav (Manav) >> Cc: [email protected]; Vishwas Manral >> Subject: Re: [OSPF] Supporting Authentication Trailer for OSPFv3 >> >> Actually I was just making sure everyone was paying attention >> :^) Since I'm >> an author, I'll validate with Abhay and Stewart but I think >> we can move >> forward and make this a WG document. >> >> >> Thanks, >> Acee >> >> On Jan 6, 2011, at 8:46 PM, Bhatia, Manav (Manav) wrote: >> >> > I am sure Acee meant that the he and the authors would like >> to see this >> draft adopted up as a WG draft. >> > >> > I agree with that sentiment and would request this to be >> accepted as a WG >> document. We've had several mails in the past where this work >> was supported >> and none that was against. >> > >> > Cheers, Manav >> > >> >> -----Original Message----- >> >> From: Acee Lindem [mailto:[email protected]] >> >> Sent: Friday, January 07, 2011 2.11 AM >> >> To: [email protected] >> >> Cc: Bhatia, Manav (Manav); Vishwas Manral >> >> Subject: Supporting Authentication Trailer for OSPFv3 >> >> >> >> Speaking as WG Co-Chair: >> >> >> >> At the last OSPF WG meeting, there was some interest in this >> >> draft. I'm now asking for opinions for and against. >> >> >> >> Speaking as a WG member: >> >> >> >> The authors (myself included) would not like to make this a >> >> WG draft. On the OSPF list and at the OSPF WG meeting, the >> >> only dissent was on along the lines of making IPsec >> >> (including IKEv2) work better with OSPFv3 rather than doing >> >> this. I don't disagree that this should be a goal but I don't >> >> think it should preclude this work. >> >> >> >> Thanks, >> >> Acee >> >> _______________________________________________ >> OSPF mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/ospf >> >> _______________________________________________ >> OSPF mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/ospf >> > _______________________________________________ > OSPF mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ospf > _______________________________________________ OSPF mailing list [email protected] https://www.ietf.org/mailman/listinfo/ospf
