
Re: OSPF WG Minutes



Hi Acee,

> Acee: In practice, for OSPFv2 the sequence numbers are not monotonically
> increasing; Usage of router's clock for cryptographic sequence number 
> generation reduces the chance for replay attacks across restarts. 
> ?: OSPF spec does not say it ...
Acee, what I meant was that although the OSPF spec does not state that
we need to use clocks. 

I think the vulnerabilities draft is the right place to state the
problems that can happen if we do not use a clock (or something
equivalent which increments even when a system goes down).

Another issue is that even if the sender uses a clock for the "sequence
number" and goes down, all the packets of a previous session can still
be replayed by another router. So the chance of replay attacks is still
there.

Thanks,
Vishwas
-----Original Message-----
From: Mailing List [mailto:OSPF at PEACH.EASE.LSOFT.COM] On Behalf Of Acee Lindem
Sent: Monday, August 15, 2005 7:50 PM
To: OSPF at PEACH.EASE.LSOFT.COM
Subject: OSPF WG Minutes

Attached are the minutes from the Paris OSPF WG meeting. Thanks to
Dimitri for taking them.

Acee
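
The replay cases discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of a receiver that drops packets whose cryptographic sequence number is lower than the last one recorded for the neighbor and forgets that record when the neighbor is declared down. The class, function names and sequence values are constructed for illustration; the receiver rule is a stated assumption of the model.

```python
# Simplified model (assumption): the receiver keeps one "last sequence number"
# per neighbor, rejects anything lower, and drops the record on neighbor down.

class Receiver:
    def __init__(self):
        self.last_seq = {}                      # neighbor id -> last accepted value

    def would_accept(self, nbr, seq):
        # Check only, without updating state (used to probe replayed packets).
        return seq >= self.last_seq.get(nbr, 0)

    def accept(self, nbr, seq):
        if not self.would_accept(nbr, seq):
            return False
        self.last_seq[nbr] = seq
        return True

    def neighbor_down(self, nbr):
        self.last_seq.pop(nbr, None)            # record is lost with the adjacency


def scenario(old_seqs, new_seqs, timed_out):
    """Return (replay_while_down, genuine_after_restart, replay_after_restart)."""
    rx = Receiver()
    for s in old_seqs:                          # first session, seen on the wire
        rx.accept("R1", s)
    if timed_out:                               # sender stayed down past the dead interval
        rx.neighbor_down("R1")
    captured = old_seqs[0]                      # an old packet from the first session
    replay_while_down = rx.would_accept("R1", captured)
    genuine = all(rx.accept("R1", s) for s in new_seqs)
    replay_after_restart = rx.would_accept("R1", captured)
    return replay_while_down, genuine, replay_after_restart


OLD = [100, 101, 102]       # constructed values for the first session
COUNTER = [1, 2, 3]         # sender restarts its counter from the beginning
CLOCK = [5000, 5001, 5002]  # sender derives the value from a clock that kept running

if __name__ == "__main__":
    for name, new in (("counter", COUNTER), ("clock", CLOCK)):
        for timed_out in (False, True):
            print(name, "timed_out=%s" % timed_out, scenario(OLD, new, timed_out))
```

With a restarted counter the sender's own packets are rejected until the receiver drops its record, and old packets remain acceptable afterwards. With a clock the restarted sender is accepted and old packets are rejected once it is back, but they are still accepted while it is down and the record has been dropped.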