ospf-5----Page:4
1 2 3 4 5 6 7 8
|
Major IESG Comments (contd) The following paragraph has poor wording. Needs to be rephrased. “Security concerns MUST be taken away from OSPFv3 protocol and IPv6 stack MUST provide inherent security to OSPFv3 by using AH/ESP extension headers. It means OSPFv3 protocol MUST NOT receive any unauthenticated packets. As OSPFv2 has its own security mechanisms, no inherent security needs to be provided by the IPv4 stack. As OSPFv2 is only for IPv4 and OSPFv3 is only for IPv6, the distinction between the packets can be easily made by IP version.” Changes to the draft: The text will be rephrased. We have suggestion from Russ. Make AES-CBC & HMAC SHA1 a MUST and other non-stream ciphers a SHOULD. Changes to the draft: New text will be added to cover this. The text will be rephrased. We have suggestion from Russ. Reference for mandatory-to-implement is missing. Changes to the draft: Reference to the RFC will be added. |