As I do with all drafts that are ready to progress, I have done my AD review of this draft-ietf-ospf-security-extension-manual-keying-08. In this case, I apologize for it taking so long.
The draft is very clear and well-written. I do have a few comments, but I have sent it to IETF Last Call for review while we discuss. Assuming that goes smoothly and comments (including mine below) are taken into account, I expect the draft to go to IESG telechat for Oct 30.

Major Comment:

My one concern is that in Section 3, it says: "Additionally, the 64-bit sequence number is moved to the first 64-bits following the OSPFv2 packet and is protected by the authentication digest." but I do not see any other place where RFC 5709 is updated to include that sequence number. In Sec 3.3, RFC 5709 says:

    First-Hash = H(Ko XOR Ipad || (OSPFv2 Packet))

and I think it would be most excellent for this draft to clearly update that to be (OSPFv2 Packet + Sequence Number).

Minor Comments:

Should the meta-data and header indicate that this updates RFC 5709? It certainly looks like it.

Thanks for the hard work on a good draft to make routing more secure!

Alia
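The major comment above, illustrated as an added example (not part of the original message or of the draft): a sequence number that sits after the packet is protected only if it is part of the hashed text. Assumptions: SHA-256 as H, a constructed key and packet, a big-endian 64-bit sequence number appended directly to the packet, no Apad or other trailer fields, and hypothetical function names.

```python
import hashlib
import hmac
import struct

BLOCK = 64  # SHA-256 block size in bytes; Ko is zero-padded to this length


def first_hash(ko: bytes, text: bytes) -> bytes:
    """First-Hash = H(Ko XOR Ipad || text), the inner hash of HMAC."""
    key = ko.ljust(BLOCK, b"\x00")
    return hashlib.sha256(bytes(b ^ 0x36 for b in key) + text).digest()


def digest(ko: bytes, text: bytes) -> bytes:
    """Second-Hash = H(Ko XOR Opad || First-Hash), the value sent on the wire."""
    key = ko.ljust(BLOCK, b"\x00")
    outer = bytes(b ^ 0x5C for b in key)
    return hashlib.sha256(outer + first_hash(ko, text)).digest()


def hashed_text(packet: bytes, seq: int, cover_seq: bool) -> bytes:
    """Input to the hash: packet alone, or packet followed by the 64-bit sequence number."""
    return packet + struct.pack("!Q", seq) if cover_seq else packet


def verify(ko: bytes, packet: bytes, seq: int, tag: bytes, cover_seq: bool) -> bool:
    """Receiver-side check of the digest against the received packet and sequence number."""
    return hmac.compare_digest(digest(ko, hashed_text(packet, seq, cover_seq)), tag)


# Constructed sample values, for illustration only.
KO = bytes(range(32))
PACKET = b"constructed OSPFv2 packet bytes"
SENT_SEQ = 41
ALTERED_SEQ = 42  # sequence number changed in transit

TAG_PACKET_ONLY = digest(KO, hashed_text(PACKET, SENT_SEQ, cover_seq=False))
TAG_WITH_SEQ = digest(KO, hashed_text(PACKET, SENT_SEQ, cover_seq=True))

if __name__ == "__main__":
    # Digest over the packet only: the altered sequence number is not detected.
    print("packet only, altered seq accepted:",
          verify(KO, PACKET, ALTERED_SEQ, TAG_PACKET_ONLY, cover_seq=False))
    # Digest over packet plus sequence number: the alteration is rejected.
    print("packet+seq, altered seq accepted:",
          verify(KO, PACKET, ALTERED_SEQ, TAG_WITH_SEQ, cover_seq=True))
```
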
