Re: [MSEC] [OSPF] [sidr] [RPSEC] Authentication for OSPFv3
- To: acee at redback.com, vishwas.ietf at gmail.com
- From: sandy at tislabs.com (Sandy Murphy)
- Date: Tue, 30 Sep 2008 12:28:23 -0400 (EDT)
- Cc: msec at ietf.org, tsvwg at ietf.org, ospf at ietf.org, rbonica at juniper.net, secdir at mit.edu, rpsec at ietf.org, sidr at ietf.org, rcallon at juniper.net
- In-reply-to: <77ead0ec0809300842i200798d5ic45f7996a19d57d at mail.gmail.com>
- List-archive: <http://www.ietf.org/pipermail/msec>
- List-id: Multicast Security List <msec.ietf.org>
>I agree to what you say and the general sense of the room in the KMART BOF.
>That is the reason I proposed a BTNS based solution. Which uses GTSM
>in the IKE to do the first level security.
I am not quite sure I understand the use of GTSM here. The need for
authentication for OSPF is that you don't trust that everyone on the
local broadcast link is OK. GTSM tells you that the sender came from
one-hop away, i.e., on the local broadcast link. Since you already know
that you don't trust everyone one-hop away, how does the use of GTSM
help?
--Sandy