[c-nsp] 6509 IPv6 OSPF Auth

Alastair Johnson aj at sneep.net
Sun Feb 20 21:18:42 EST 2011


On 2/18/2011 10:36 AM, Nick Hilliard wrote:
> On 18/02/2011 17:51, Justin Krejci wrote:
>> Yeah... I guess no one would ever use IPv6 with OSPF until IPv6 feature
>> sets are completely matured on all platforms of every major vendor. Or
>> maybe no vendor should release any v6 support until every feature was
>> 100% v6 enabled.
>
> I don't think that was the problem. The IETF wonks saw MD5
> authentication on OSPFv2 as a dirty hack, rather than as a quick and
> easy means of providing a 99.99% solution to OSPF authentication.
> Instead, they wanted a 100% solution, and in their opinion IPsec was the
> way to do this because it provided a cryptographically sound framework
> for authentication and encryption services. So they mandated that there
> should be no MD5 authentication for OSPFv3, just IPsec.

There is a current draft that proposes to add digest authentication to 
OSPFv3. You might want to support this in the IETF and ask Cisco to 
support it.

http://tools.ietf.org/html/draft-bhatia-manral-auth-trailer-ospfv3-01

aj


More information about the cisco-nsp mailing list