Technical Summary
Currently OSPFv3 uses IPsec as the only mechanism for authenticating
protocol packets. This behavior is different from authentication
mechanisms present in other routing protocols (OSPFv2, IS-IS, RIPng).
In some environments, it has been found that IPsec is difficult to
configure and maintain, and cannot be used. This document proposes
an alternative mechanism to authenticate OSPFv3 protocol packets so
that OSPFv3 does not depend upon only IPsec for authentication.
Working Group Summary
There was discussion about the size of Crypto Sequence Number.
After much debate it was agreed to increase it from 32 bit to 64 bit.
Document Quality
This extension is similar to OSPFv2 Cryptographic Authentication
where a message digest is appended to the end of the OSPF packet.
There is no known implementation at this time.
Personnel
Abhay Roy (akr@cisco.com) is the Document Shepherd for this document.
Stewart Bryant (stbryant@cisco.com) Responsible Area Director.
RFC Editor Note
Abstract
s/proposes/defines/
Introduction
s/This document proposes a new mechanism/This document defines a new mechanism/
- end of section 3 is missing a full stop.
Section 4.3
s/> the secret key/the secret key/