[prev in list] [next in list] [prev in thread] [next in thread]
List: ms-ospf
Subject: Re: OSPF cryptographic authentication keying
From: Mukesh Gupta <mgupta () IPRG ! NOKIA ! COM>
Date: 2002-08-16 20:45:21
[Download RAW message or body]
Hi Donald,
You are right that your question has absolutely nothing to do with OSPF.
It is really related to the security of generic configuration infrastructure of
vendors. Generally vendors have multiple interfaces to the systems. Talking
about our systems, we have CLI after accessing the system using direct console
access, normal telnet in a secure environment, SSH and web access with HTTP and
HTTPS.
regards
Mukesh
Eastlake III Donald-LDE008 wrote:
> Mukesh,
>
> Yes, I was talking about OSPFv2.
>
> Thanks for your response but, given that in today's world the shared key is
> usually set up "manually", what method is most commonly used? SSH or Secure
> Telnet to a Command Line Interface? SNMP? TLS to a web interface? Do routers
> usually have two or three ways it can be done?
>
> As I say, I realize this isn't strictly part of the OSPFv2 protocol but
> would appreciate any information people can provide.
>
> Thanks,
> Donald
>
> Date: Tue, 13 Aug 2002 14:06:10 -0400
> From: Eastlake III Donald-LDE008 <Donald.Eastlake@MOTOROLA.COM>
> Subject: OSPF cryptographic authentication keying
>
> Hi,
>
> I have a couple of questions about how keying is established for OSPF
> cryptographic authentication:
>
> First of all, which may be a stupid questions, I have the impression the
> keying is essentially on a pairwise basis, rather than a key being shared
> among all the entities in an area. Is that correct?
>
> Second, how are these keys normally established in today's operational
> world? I realize this is a bit outside of the scope of OSPF, but do people
> use manual entry, SNMP, some negotiation framework like ISAKMP, or what?
>
> Thanks,
> Donald
>
> Donald E. Eastlake 3rd, +1-508-851-8280 (voice), +1-508-851-8507 (fax)
> Motorola, MS: M2-450, 20 Cabot Boulevard, Mansfield, MA 02048 USA
>
> ------------------------------
>
> Date: Tue, 13 Aug 2002 11:44:51 -0700
> From: Mukesh Gupta <mgupta@IPRG.NOKIA.COM>
> Subject: Re: OSPF cryptographic authentication keying
>
> > I have a couple of questions about how keying is established for OSPF
> > cryptographic authentication:
>
> I am assuming that you are talking about OSPFv2.
>
> > First of all, which may be a stupid questions, I have the impression the
> > keying is essentially on a pairwise basis, rather than a key being shared
> > among all the entities in an area. Is that correct?
>
> To my knowledge, No. It is not correct. The keys are shared between all the
> entities in an area and they are not on a pairwise basis. Using pairwise
> keys
> in the multicast environment will not work.
>
> > Second, how are these keys normally established in today's operational
> > world? I realize this is a bit outside of the scope of OSPF, but do people
> > use manual entry, SNMP, some negotiation framework like ISAKMP, or what?
>
> I think, most of the implementations use manual entry. ISAKMP wouldn't be
> easy
> to use in the multicast environment OSPF uses. Key negotiation mechanisms
> for
> multicast are still being explored.
>
> regards
> Mukesh
>
> --
> ******************************************************************
> Work fascinates me. I can look at it for hours !
> ******************************************************************
> Mukesh Gupta
> Phone: (650) 625-2264
> Cell : (650) 868-9111
> http://www.iprg.nokia.com/~mgupta
> ******************************************************************
--
******************************************************************
This Would Be Really Funny If It Weren't Happening To Me.
******************************************************************
Mukesh Gupta
Phone: (650) 625-2264
Cell : (650) 868-9111
http://www.iprg.nokia.com/~mgupta
******************************************************************
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic