[pim] draft-ietf-pim-sm-linklocal-09

Hello,

After AD review, we have updated draft-ietf-pim-sm-linklocal.

Since the last version, it has become clear that the suggested
procedures do not actually affect PIM-SM at all; they are all
implemented in the IPsec modules.  The only link to PIM-SM is that the
IPsec rules protect packets with a destination address of
ALL_PIM_ROUTERS.  (Note that this happens to be true for PIM-SM.  It is
not necessarily true for other routing protocols.  For example, it will
not be true for OSPFv3 (RFC 4552) because OSPFv3 supports virtual
interfaces, for which the IPsec rules have to be installed dynamically.)

Here is a summary of the changes made:

In Sections 4 and 5, we suggest maintaining counters of non-protected
packets and packets for which the authentication check has failed.

In Section 8, figures 2 and 3 are re-drawn.

In Section 9, a reference is added to RFC 4107, and the requirement to
change key values periodically is given as SHOULD (in keeping with the
requirements of RFC 4107).

Also, a paragraph is added justifying the use of manual keying, and it
is made clear that once automated keying procedures are available, they
will become mandatory.

In Section 9.1, it is made clear that the suggested procedure is one way
of satisfying the requirements of RFC 4107, and that the three steps
MUST be serialized.

In addition there are various changes to clarify the text.

As a side comment, one of my students has implemented the proposed
procedures this past summer, using the IPsec tools in Linux.  A project
is under way to do the same thing with hardware routers.

  Bill, Salekul, Maziar


-- 

Dr. J.W. Atwood, Eng.             tel:   +1 (514) 848-2424 x3046
Distinguished Professor Emeritus  fax:   +1 (514) 848-2830
Department of Computer Science
   and Software Engineering
Concordia University EV 3.185     email: bill at cse.concordia.ca
1455 de Maisonneuve Blvd. West    http://users.encs.concordia.ca/~bill
Montreal, Quebec Canada H3G 1M8
