[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Securing OSPFv3

To: <itojun@iijlab.net>, <v6ops@ops.ietf.org>
Subject: Securing OSPFv3
From: <Rod.VanMeter@nokia.com>
Date: Wed, 18 Sep 2002 14:32:43 -0700
Delivery-date: Wed, 18 Sep 2002 14:34:05 -0700
Envelope-to: v6ops-data@psg.com
Thread-index: AcJfRIKnfKNNfw5KT2Cic97DVY4QGgAFY4eA
Thread-topic: memo, 1st day AM 2

If you haven't seen it, draft-gupta-ospf-ospfv3-auth-01.txt
clarifies how to really make IPSec for OSPFv3 work.  The
keying is static, and the peculiarities of multicast and
IPSec mean for example that replay protection must be turned
off.  It's all the details needed to make "use IPSec" reality.

As noted in the discussion, doesn't solve any of the
managerial problems of keying a large number of routers
and managing them, and everybody on the same link has to
share the same key.  But, no worse than IPv4.

I believe this was presented as an individual submission
in the routing area at Yokohama.

			--Rod

Prev by Date: Re: renumbering
Next by Date: raw thoughts on v6 firewalls
Previous by thread: draft-ietf-ngtrans-ipv4survey-02.txt
Next by thread: Re: Securing OSPFv3
Index(es):
- Date
- Thread