Comments on draft-ietf-manet-olsr-11
- To: Alex Zinin <zinin@psg.com>, iesg-secretary@ietf.org
- Subject: Comments on draft-ietf-manet-olsr-11
- From: Russ Housley <housley@vigilsec.com>
- Date: Wed, 09 Jul 2003 14:00:25 -0400
- Cc: iesg@ietf.org
- In-reply-to: <107233756944.20030702151607@psg.com>
- References: <20030702184547.5fb16a1e.T.Clausen@computer.org>
Optimized Link State Routing Protocol (Experimental)
<draft-ietf-manet-olsr-11.txt>
In section 20.1, I asked the authors to provide a reference to at least
one "regular cryptographic technique" for confidentiality. The authors
included a reference to PGP. PGP is traditionally used at the application
layer. I expected a reference to IPsec ESP, which does include support for
multicast traffic. If PGP is a better fit in this situation, it deserves
explanation.
In section 20.2, I asked for an explanation of "Authenticated signatures
on control messages," which resulted in the following text:
    An important consideration is, that all control messages in OLSR are
    transmitted either to all nodes in the neighborhood (HELLO messages)
    or broadcast to all nodes in the network (e.g. TC messages). I.e.
    a control message in OLSR is always a point-to-multipoint
    transmission. It is therefore important that the authentication
    mechanism employed permits that any receiving node can validate the
    authenticity of a message. As an analogy, given a block of text,
    signed by a PGP private key, then anyone with the corresponding
    public key can verify the authenticiy of the text.
Please correct the spelling of authenticity.
Again, PGP does not seem like the correct mechanism. Further, a message
authentication code is acceptable if the source needs to be limited to the
collection of nodes that know the key. IPsec ESP provides this service in
a multicast environment. If the node must know the precise source of each
control message, then a digital signature is probably going to be
needed. The work on SBGP may offer a way forward in this area.
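The MAC-versus-signature distinction in the last paragraph, as an added Go example that is not part of Russ Housley's message or of the OLSR draft: a group HMAC shared by every node (the ESP-style multicast service) beside a per-node Ed25519 signature, both over a constructed stand-in for an OLSR control message, showing that only the signature lets a receiver verify which node actually originated it. The message layout, the group key and the node names "A" and "B" are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// ControlMsg: constructed stand-in for an OLSR control message (claimed originator + body).
type ControlMsg struct {
	Originator string
	Body       []byte
}

func (m ControlMsg) bytes() []byte { return append([]byte(m.Originator+"|"), m.Body...) }

// GroupMAC: one HMAC key shared by every node in the routing domain,
// the kind of service IPsec ESP provides to a multicast group.
func GroupMAC(groupKey []byte, m ControlMsg) []byte {
	h := hmac.New(sha256.New, groupKey)
	h.Write(m.bytes())
	return h.Sum(nil)
}
func VerifyGroupMAC(groupKey []byte, m ControlMsg, tag []byte) bool {
	return hmac.Equal(GroupMAC(groupKey, m), tag)
}

// Sign/Verify: a per-node Ed25519 key pair; any node holding the public
// key can check which node really originated the message.
func Sign(priv ed25519.PrivateKey, m ControlMsg) []byte { return ed25519.Sign(priv, m.bytes()) }
func Verify(pub ed25519.PublicKey, m ControlMsg, sig []byte) bool { return ed25519.Verify(pub, m.bytes(), sig) }

// MACBindsOriginator returns false: the key is symmetric, so a tag over a message
// claiming originator "A" verifies whichever key holder computed it.
func MACBindsOriginator(groupKey []byte) bool {
	claimedByA := ControlMsg{Originator: "A", Body: []byte("TC")}
	tagFromB := GroupMAC(groupKey, claimedByA) // node B holds the same group key
	return !VerifyGroupMAC(groupKey, claimedByA, tagFromB)
}

// SignatureBindsOriginator returns true: a message claiming "A" verifies
// under A's public key only if A's private key produced the signature.
func SignatureBindsOriginator() bool {
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader)
	_, privB, _ := ed25519.GenerateKey(rand.Reader)
	m := ControlMsg{Originator: "A", Body: []byte("TC")}
	return Verify(pubA, m, Sign(privA, m)) && !Verify(pubA, m, Sign(privB, m))
}
```

The group MAC still rejects messages from outside the key-holding collection, which is the service the paragraph says is acceptable when the source need not be pinned down to one node.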