[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Securing OSPFv3
>If you haven't seen it, draft-gupta-ospf-ospfv3-auth-01.txt
>clarifies how to really make IPSec for OSPFv3 work. The
>keying is static, and the peculiarities of multicast and
>IPSec mean for example that replay protection must be turned
>off. It's all the details needed to make "use IPSec" reality.
>
>As noted in the discussion, doesn't solve any of the
>managerial problems of keying a large number of routers
>and managing them, and everybody on the same link has to
>share the same key. But, no worse than IPv4.
>
>I believe this was presented as an individual submission
>in the routing area at Yokohama.
thank you for info, and PIM-SM work is already there, i guess only
remaining major one is RIPng. BGP is unicast so it's easy.
(not sure about IS-IS)
draft-irtf-gsec-pim-sm-security-issues-01.txt
itojun