[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Securing OSPFv3



If you haven't seen it, draft-gupta-ospf-ospfv3-auth-01.txt
clarifies how to really make IPSec for OSPFv3 work.  The
keying is static, and the peculiarities of multicast and
IPSec mean for example that replay protection must be turned
off.  It's all the details needed to make "use IPSec" reality.

As noted in the discussion, doesn't solve any of the
managerial problems of keying a large number of routers
and managing them, and everybody on the same link has to
share the same key.  But, no worse than IPv4.

I believe this was presented as an individual submission
in the routing area at Yokohama.

			--Rod