[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Securing OSPFv3

To: Rod.VanMeter@nokia.com
Subject: Re: Securing OSPFv3
From: Jun-ichiro itojun Hagino <itojun@iijlab.net>
Date: Thu, 19 Sep 2002 07:18:54 +0900
Cc: v6ops@ops.ietf.org
Delivery-date: Wed, 18 Sep 2002 15:19:28 -0700
Envelope-to: v6ops-data@psg.com

>If you haven't seen it, draft-gupta-ospf-ospfv3-auth-01.txt
>clarifies how to really make IPSec for OSPFv3 work.  The
>keying is static, and the peculiarities of multicast and
>IPSec mean for example that replay protection must be turned
>off.  It's all the details needed to make "use IPSec" reality.
>
>As noted in the discussion, doesn't solve any of the
>managerial problems of keying a large number of routers
>and managing them, and everybody on the same link has to
>share the same key.  But, no worse than IPv4.
>
>I believe this was presented as an individual submission
>in the routing area at Yokohama.

	thank you for info, and PIM-SM work is already there, i guess only
	remaining major one is RIPng.  BGP is unicast so it's easy.
	(not sure about IS-IS)

	draft-irtf-gsec-pim-sm-security-issues-01.txt

itojun

Prev by Date: Re: renumbering
Next by Date: My slides
Previous by thread: Securing OSPFv3
Next by thread: raw thoughts on v6 firewalls
Index(es):
- Date
- Thread