I vaguely remember someone saying that someone specified phase 2 IKE (IPSec)
protocols for creating OSPF security associations. And that there's
also one for RIPv2.

I couldn't find either document. Where are they? (and indeed it's
possible they don't exist)

With the document, I could probably answer the following questions myself,
but if someone knows the answers...

1) Given that OSPF and RIPv2 run on top of IP, and assuming that
   there is a custom IKE phase 2 for OSPF, would an alternate solution
   have been just to run OSPF on top of IPSec? If so, then what would
   be better about a new IKE phase 2 exchange than running OSPF on
   top of IP/IPsec?
2) Is this envisioned for encrypting the OSPF packets or just integrity
   protecting them?
3) What key would be used for authenticating? (presumably a pre-shared key).
   In that case, why not just use keyed MD authentication option, which
   is already there?

Thanks,

Radia

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]