Hi Rajesh, What I am trying to say is if vulnerabilities are found in an algorithm just like it is for MD5, a checksum provides an additional layer of security.
Thanks, Vishwas On Tue, Jan 18, 2011 at 9:24 PM, Rajesh Shetty <[email protected]> wrote: > > Hi vishwas, > > In the authentication trailer algorithm its been mandated to use SHA > algorithm. > > Thanks > Rajesh > > > This e-mail and attachments contain confidential information from HUAWEI, > which is intended only for the person or entity whose address is listed > above. Any use of the information contained herein in any way (including, > but not limited to, total or partial disclosure, reproduction, or > dissemination) by persons other than the intended recipient's) is > prohibited. If you receive this e-mail in error, please notify the sender by > phone or email immediately and delete it! > > -----Original Message----- > From: Vishwas Manral [mailto:[email protected]] > Sent: Wednesday, January 19, 2011 10:50 AM > To: Bhatia, Manav (Manav) > Cc: Rajesh Shetty; Acee Lindem; [email protected] > Subject: Re: [OSPF] Supporting Authentication Trailer for OSPFv3 > > Hi Manav, > > I dont think you gain much by not calculating checksum. > > You gain a lot as any issues with the authentication algorithm like MD5, the > checksum is another level of protection. > > Thanks, > Vishwas > > On Tue, Jan 18, 2011 at 8:44 PM, Bhatia, Manav (Manav) > <[email protected]> wrote: >> Hi Rajesh, >> >> Yes, you are right. We should add text that says that checksum SHOULD not > be computed and verified when an authentication trailer is attached to an > OSPFv3 packet. >> >> Cheers, Manav >> >>> -----Original Message----- >>> From: [email protected] [mailto:[email protected]] On Behalf >>> Of Rajesh Shetty >>> Sent: Wednesday, January 19, 2011 10.09 AM >>> To: 'Acee Lindem' >>> Cc: [email protected] >>> Subject: Re: [OSPF] Supporting Authentication Trailer for OSPFv3 >>> >>> >>> Dear Acee, >>> >>> Just a discrepancy between ospfv2 and ospfv3: >>> IN OSPFv2 cryptographic authentication, checksum filed is set to >>> zero. IN >>> OSPFv3 authentication Trailer, both cryptographic authentication and >>> checksum are calculated. Checksum in OSPFv3 covers ipv6 pseudo >>> header, entire ospf packet. Covering ospf packet might not be >>> necessary in this scenario since cryptographic authentication already >>> covers the same. >>> >>> >>> Thanks >>> Rajesh >>> >>> >>> This e-mail and attachments contain confidential information from >>> HUAWEI, which is intended only for the person or entity whose address >>> is listed above. Any use of the information contained herein in any >>> way (including, but not limited to, total or partial disclosure, >>> reproduction, or >>> dissemination) by persons other than the intended recipient's) is >>> prohibited. If you receive this e-mail in error, please notify the >>> sender by phone or email immediately and delete it! >>> >>> >>> -----Original Message----- >>> From: [email protected] [mailto:[email protected]] On >>> Behalf Of Acee >>> Lindem >>> Sent: Friday, January 07, 2011 8:39 PM >>> To: Bhatia, Manav (Manav) >>> Cc: [email protected]; Vishwas Manral >>> Subject: Re: [OSPF] Supporting Authentication Trailer for OSPFv3 >>> >>> Actually I was just making sure everyone was paying attention >>> :^) Since I'm >>> an author, I'll validate with Abhay and Stewart but I think >>> we can move >>> forward and make this a WG document. >>> >>> >>> Thanks, >>> Acee >>> >>> On Jan 6, 2011, at 8:46 PM, Bhatia, Manav (Manav) wrote: >>> >>> > I am sure Acee meant that the he and the authors would like >>> to see this >>> draft adopted up as a WG draft. >>> > >>> > I agree with that sentiment and would request this to be >>> accepted as a WG >>> document. We've had several mails in the past where this work >>> was supported >>> and none that was against. >>> > >>> > Cheers, Manav >>> > >>> >> -----Original Message----- >>> >> From: Acee Lindem [mailto:[email protected]] >>> >> Sent: Friday, January 07, 2011 2.11 AM >>> >> To: [email protected] >>> >> Cc: Bhatia, Manav (Manav); Vishwas Manral >>> >> Subject: Supporting Authentication Trailer for OSPFv3 >>> >> >>> >> Speaking as WG Co-Chair: >>> >> >>> >> At the last OSPF WG meeting, there was some interest in this >>> >> draft. I'm now asking for opinions for and against. >>> >> >>> >> Speaking as a WG member: >>> >> >>> >> The authors (myself included) would not like to make this a >>> >> WG draft. On the OSPF list and at the OSPF WG meeting, the >>> >> only dissent was on along the lines of making IPsec >>> >> (including IKEv2) work better with OSPFv3 rather than doing >>> >> this. I don't disagree that this should be a goal but I don't >>> >> think it should preclude this work. >>> >> >>> >> Thanks, >>> >> Acee >>> >>> _______________________________________________ >>> OSPF mailing list >>> [email protected] >>> https://www.ietf.org/mailman/listinfo/ospf >>> >>> _______________________________________________ >>> OSPF mailing list >>> [email protected] >>> https://www.ietf.org/mailman/listinfo/ospf >>> >> _______________________________________________ >> OSPF mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/ospf >> > > _______________________________________________ OSPF mailing list [email protected] https://www.ietf.org/mailman/listinfo/ospf
