[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication

To: isis-wg at ietf.org
Subject: Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication
From: "Tom Sanders" <toms.sanders at gmail.com>
Date: Wed, 3 May 2006 05:26:16 +0530
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=SY3mQpOc0ATaFGqypzGT+SgPRBsRP9JINnwZl48LreJIfmxk6szdQijKlbZTMqk4qK4/46Rse5pjSmXW0voWIgpHip0HyG4VUPRUTQMw+wCn0ekXgXuhklGmorqnDqAYG5ZyY1Ox8xVZX5rNIUtwRgN4ZyzCRIhjbaCJQz2cEq8=
List-archive: <http://www1.ietf.org/pipermail/isis-wg>
List-help: <mailto:isis-wg-request@ietf.org?subject=help>
List-id: IETF IS-IS working group <isis-wg.ietf.org>
List-post: <mailto:isis-wg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=unsubscribe>

Hi Manav,

I was wondering if you could explain me how the fact that the LSP
lifetime is set to zero can be exploited by someone even when using
HMAC-SHA authentication algorithms, as proposed in your draft?

You mention that some hash functions require all the fields of the
message text T to be filled with non zero values. If so, then will it
not result in interop issues, where one vendor decides to use non zero
values and the other decides to fill some fields with zeros?

Toms.

P.S.
Overall the draft looks complete and in good shape!

----- Original Message ----
From: Manav Bhatia <manav_bhatia06 at yahoo.co.uk>
To: isis-wg at ietf.org
Sent: Tuesday, 2 May, 2006 6:08:00 AM
Subject: Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication

Hi,

We have updated the draft to include HMAC-SHA-384 and HMAC-SHA-512
authentication modes. There were some other minor comments as well
that we had received. Those have been addressed in this version.

http://www.ietf.org/internet-drafts/draft-bhatia-manral-isis-hmac-sha-01.txt

Would appreciate a feedback from the WG.

Cheers,
Manav

----- Original Message ----
From: Vishwas Manral <vishwas at ipinfusion.com>
To: isis-wg at ietf.org
Sent: Saturday, 22 April, 2006 6:55:51 AM
Subject: RE: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication


Hi Hannes,

I mostly agree with Tony here, except for a very corner case where we
can amplify
a DoS because we have multiple keys to choose between at the receiver during Key
Rollover.

--
Toms.

_______________________________________________
Isis-wg mailing list
Isis-wg at ietf.org
https://www1.ietf.org/mailman/listinfo/isis-wg

Follow-Ups:
- RE: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication
  - From: Manav Bhatia

Prev by Date: Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication
Next by Date: RE: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication
Previous by thread: Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication
Next by thread: RE: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication
Index(es):
- Date
- Thread