Re: [RPSEC] [OSPF] [sidr] Authentication for OSPFv3
- To: "Acee Lindem" <acee at redback.com>
- Subject: Re: [RPSEC] [OSPF] [sidr] Authentication for OSPFv3
- From: "Vishwas Manral" <vishwas.ietf at gmail.com>
- Date: Tue, 30 Sep 2008 21:12:18 +0530
- Cc: msec at ietf.org, tsvwg at ietf.org, rpsec at ietf.org, secdir at mit.edu, OSPF List <ospf at ietf.org>, David Ward <dward at cisco.com>, sidr at ietf.org, Ross Callon <rcallon at juniper.net>
- List-id: Routing Protocol Security Requirements <rpsec.ietf.org>
Hi Acee,
I agree with what you say and with the general sense of the room in the KMART BOF.
That is the reason I proposed a BTNS-based solution, which uses GTSM
in IKE to do the first-level security.
Also, as IGPs run within an administrative domain, we can actually do
without third-party verification.
Hi Dave,
Thanks for your help and shepherding as always.
The issue about adopting the draft was raised in the OPSEC WG by the
chair, Joel; however, we only had a handful of mails saying the draft
was within the scope (though none were opposed to it).
Thanks,
Vishwas
On 9/30/08, Acee Lindem <acee at redback.com> wrote:
> One thing to take into consideration is that the outcome of our KMART
> BOF was that nobody deploying networks wanted routing infrastructure
> based on third-party verified certificates.
> Thanks,
> Acee
> On Sep 30, 2008, at 10:57 AM, David Ward wrote:
>
>> Directions are to send your draft to opsec WG. To get it on their
>> charter, you have to request the doc to become a WG item and then
>> discussion will follow
>>
>> -DWard
>>
>> On Sep 29, 2008, at 8:53 PM, Vishwas Manral wrote:
>>
>>> Hi Sandy,
>>>
>>> Thanks for referring to my draft in your mail. The same was presented
>>> by Dave (Ward) in the last IETF. Regarding the state of the draft,
>>> because the RPSEC is closing down, we have been trying to find a home
>>> for the draft.
>>>
>>> We can also solve the problem similarly by something like
>>> BTNS (of course, the multicast part needs to be thought about further),
>>> which does not necessarily require any certificate verification - so we
>>> may have unauthenticated IKE SAs, but then all keys for the CHILD_SA
>>> from there are automatically generated.
>>>
>>> Thanks,
>>> Vishwas