On Aug 18, 2009, at 3:48 PM, Shahram Davari wrote:

> Hi,
>
> Reading through base draft, it seems that the suggested Authentication methods (password, MD5 and SHA1) are all very weak authentications and not really used any more.

It seems like "very weak" is perhaps overstated, at least with regard to MD5 and SHA1, given the environment and the way it's applied.

> Is it too late to propose another simple but yet powerful Authentication such as GMAC?

The spec is extensible; please feel free to submit a proposal to the working group.

> Also since the Authentication Type is communicated in each packet does it mean that it is allowed to change Authentication type in the middle of a BFD session?

One could imagine such a thing, but it would require some form of out-of-band communication between the systems in order to establish it. One could imagine switching authentication types in the same way that it is possible to switch key IDs.
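
As an added example (not part of the original thread or of the draft's own text): a passive check that parses the authentication section of captured BFD control packets and reports when a session's Authentication Type or key ID changes from one packet to the next. It assumes the packet layout and Auth Type numbers published in RFC 5880; `parse_auth`, `audit`, `build` and the sample packets are constructed for illustration.

```python
import struct

# Assumed layout (RFC 5880): 24-byte mandatory section, then Auth Type, Auth Len, Key ID.
# Auth Type: 1 simple password, 2/3 keyed/meticulous MD5, 4/5 keyed/meticulous SHA1.
def parse_auth(packet: bytes):
    """Return (my_discriminator, auth_type, key_id); type and key are None if the A bit is clear."""
    if len(packet) < 24:
        raise ValueError("shorter than the 24-byte mandatory section")
    flags, length = packet[1], packet[3]
    my_disc = struct.unpack("!I", packet[4:8])[0]
    if not flags & 0x04:  # A (Authentication Present) bit
        return my_disc, None, None
    if length > len(packet) or length < 27:
        raise ValueError("Length field inconsistent with an authentication section")
    auth_type, auth_len, key_id = packet[24], packet[25], packet[26]
    if auth_len < 3 or 24 + auth_len != length:
        raise ValueError("Auth Len does not match packet Length")
    return my_disc, auth_type, key_id

def audit(packets):
    """List (index, discriminator, kind, old, new) for each change within a session."""
    last, findings = {}, []
    for i, pkt in enumerate(packets):
        disc, atype, key = parse_auth(pkt)
        prev = last.get(disc)
        if prev is not None and prev[0] != atype:
            findings.append((i, disc, "auth-type-change", prev[0], atype))
        elif prev is not None and prev[1] != key:
            findings.append((i, disc, "key-id-change", prev[1], key))
        last[disc] = (atype, key)
    return findings

def build(disc, auth_type, key_id, seq, digest_len):
    """Constructed sample packet; the digest is zero filler, not a valid MAC."""
    auth = struct.pack("!BBBBI", auth_type, 8 + digest_len, key_id, 0, seq) + bytes(digest_len)
    hdr = struct.pack("!BBBBIIIII", 0x20, 0xC4, 3, 24 + len(auth), disc, 0, 1000000, 1000000, 0)
    return hdr + auth

# Constructed capture: same session (discriminator 7), key ID rolls 1 -> 2, then MD5 -> SHA1.
SAMPLE = [build(7, 2, 1, 100, 16), build(7, 2, 2, 101, 16), build(7, 4, 2, 1, 20)]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A key-ID change is the routine rollover the reply refers to; an Authentication Type change is the event worth correlating with a planned, out-of-band coordinated migration.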