Are there any implementations of this draft? There is, what I consider, a
mistake in the source address protection. I'd like to make it consistent
with RFC 7166. Rather than repeating the IP Source Address (L/4) times in
Apad, it is included once the same as is done with the IPv6 address in RFC
7166. Does this cause anyone any incompatibilities with deployed
implementations?
OLD:
OSPF routers sending OSPF packets must initialize Apad to the value
of the IP source address that would be used when sending an OSPFv2
packet, repeated L/4 times, where L is the length of the hash,
measured in octets. The basic idea is to incorporate the IP source
address from the IP header in the cryptographic authentication
computation so that any change of IP source address in a replayed
packet can be detected.
NEW:
OSPF routers sending OSPF packets must initialize the first 4 octets
of Apad to the value of the IP source address that would be used when
sending the OSPFv2 packet. The remainder of Apad will contain
the value of 0x878FE1F3 repeated (L - 4)/4 times, where L is the
length of the hash, measured in octets. The basic idea is to
incorporate the IP source address from the IP header in the
cryptographic authentication computation so that any change of IP
source address in a replayed packet can be detected.
Thanks,
Acee
_______________________________________________
OSPF mailing list
https://www.ietf.org/mailman/listinfo/ospf
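
The two Apad layouts from the OLD and NEW text above, as an added example that is not part of the original message or of any OSPF implementation. The digest as an HMAC over the packet followed by Apad is a simplifying assumption, and the key, packet bytes and addresses are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

FILL = bytes.fromhex("878FE1F3")  # filler constant quoted in the NEW text


def _src(src_ip: str, hash_len: int) -> bytes:
    # L must be a whole number of 4-octet words for either layout to fit.
    if hash_len < 4 or hash_len % 4:
        raise ValueError("hash length must be a positive multiple of 4 octets")
    return ipaddress.IPv4Address(src_ip).packed


def apad_old(src_ip: str, hash_len: int) -> bytes:
    """OLD text: IP source address repeated L/4 times."""
    return _src(src_ip, hash_len) * (hash_len // 4)


def apad_new(src_ip: str, hash_len: int) -> bytes:
    """NEW text: source address once, then 0x878FE1F3 repeated (L - 4)/4 times."""
    return _src(src_ip, hash_len) + FILL * ((hash_len - 4) // 4)


def digest(key: bytes, packet: bytes, apad: bytes, alg: str = "sha256") -> bytes:
    # Assumption (simplified): the keyed hash covers the packet followed by Apad.
    return hmac.new(key, packet + apad, alg).digest()


def verify(key, packet, received, observed_src, apad_fn=apad_new, alg="sha256"):
    # The receiver rebuilds Apad from the source address it sees in the IP header.
    hash_len = hashlib.new(alg).digest_size
    expected = digest(key, packet, apad_fn(observed_src, hash_len), alg)
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    key, pkt = b"constructed-key", b"constructed OSPFv2 packet bytes"
    sent = digest(key, pkt, apad_new("192.0.2.1", 32))
    print("NEW Apad:", apad_new("192.0.2.1", 32).hex())
    print("OLD Apad:", apad_old("192.0.2.1", 32).hex())
    print("same source verifies:", verify(key, pkt, sent, "192.0.2.1"))
    print("replayed from other source:", verify(key, pkt, sent, "198.51.100.7"))
    print("OLD-layout receiver accepts:", verify(key, pkt, sent, "192.0.2.1", apad_old))
```

The last check shows the interoperability question in concrete terms: a digest computed with the NEW layout does not verify on a receiver that still builds Apad the OLD way, even when the source address is unchanged.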