Security Extension for OSPFv2 When Using Manual Key Management
draft-ietf-ospf-security-extension-manual-keying-11

Yes

(Alia Atlas)

No Objection

(Benoît Claise)
(Jari Arkko)
(Kathleen Moriarty)
(Martin Stiemerling)
(Pete Resnick)
(Richard Barnes)
(Spencer Dawkins)
(Stephen Farrell)
(Ted Lemon)

Note: This ballot was opened for revision 10 and is now closed.

Adrian Farrel Former IESG member
Yes
Yes (2014-10-28 for -10) Unknown
Thanks for this work. I am happy to ballot Yes, but have a couple of 
minor points I think would benefit the document.

---

It would be good to add a very short note on backward compatibility.  I
don't find anything in 2328, but I assume that a legacy implementation
receiving an unknown AuType is supposed to fail authentication.  Could
you state this with the appropriate reference?

---

The Abstract needs to be updated as:
s/draft/document/
s/proposes/defines/

---

Section 1 para 1
s/propose/define/

---

Section 1 final para

s/proposes/defines/

---

Section 1.2. The RFC Editor will move this section to be consistent
with their editorial guidelines.

---

I think it is a mistake to quote the whole OSPF header in Figure 1.
This opens up questions of editorial mismatches and future changes etc.
It would be better to model this on Appendix D of RFC 2328.

Additionally, it may be better to name the packet-trailing field as
"Extended Authentication Data" to avoid confusion with the field in the
generic packet header shown in RFC 2328 and called "Authentication".
Alia Atlas Former IESG member
Yes
Yes (for -10) Unknown

                            
Alissa Cooper Former IESG member
No Objection
No Objection (2014-10-28 for -10) Unknown
= Section 3 =
s/This section of this/This section/
Barry Leiba Former IESG member
No Objection
No Objection (2014-10-28 for -10) Unknown
It seems that this document should be marked as "updates 5709", but it isn't.  Why not?
Benoît Claise Former IESG member
No Objection
No Objection (for -10) Unknown

                            
Brian Haberman Former IESG member
No Objection
No Objection (2014-10-28 for -10) Unknown
I support the publication of this document, but agree with Adrian's suggestion to include some discussion on backwards compatibility.
Jari Arkko Former IESG member
(was Discuss) No Objection
No Objection () Unknown

                            
Joel Jaeggli Former IESG member
No Objection
No Objection (2014-10-30 for -10) Unknown
   If the non-volatile storage is ever repaired
   or upgraded such that the contents are lost or the OSPFv2 router is
   replaced, the authentication keys MUST be changed to prevent replay
   attacks.

or if you ever replace the router...

Part of the reason manual keying is used is that changing the authentication is quite hard, particularly in cases where there are multiple neighbors on the same subnet.
Kathleen Moriarty Former IESG member
No Objection
No Objection (for -10) Unknown

                            
Martin Stiemerling Former IESG member
No Objection
No Objection (for -10) Unknown

                            
Pete Resnick Former IESG member
No Objection
No Objection (for -10) Unknown

                            
Richard Barnes Former IESG member
No Objection
No Objection (for -10) Unknown

                            
Spencer Dawkins Former IESG member
No Objection
No Objection (for -10) Unknown

                            
Stephen Farrell Former IESG member
No Objection
No Objection (for -10) Unknown

                            
Ted Lemon Former IESG member
No Objection
No Objection (for -10) Unknown