Hi Sam, On 01/14/2011 04:34 AM, Sam Hartman wrote:
We could have separate authentication challenge packets. However, the advantage of the current approach is that I think we can get to a point where we have one or two extra packets total for a cold-start situation, rather than an extra packet or two per neighbor. I don't know that the current rules for receiving and sending packets actually achieve this, but I believe we can get there with some minor changes.
I've been giving this some thought, and I think exchanging a couple of additional packets in the cold start situation is more desirable than overloading the Hello packet with an additional security role. The Hello packet already services two very important purposes - discovery and keep alive. It is highly desirable not to add to the processing overhead for these packets.
Have you and the other authors already given thought to a design using a new packet type for challenge/response packets?
Thanks, Michael _______________________________________________ OSPF mailing list [email protected] https://www.ietf.org/mailman/listinfo/ospf
