From: Eastlake III Donald-LDE008 (Donald.Eastlake_at_MOTOROLA.COM)
Date: Wed Aug 14 2002 - 10:07:03 CDT

    Mukesh,

    Yes, I was talking about OSPFv2.

    Thanks for your response but, given that in today's world the shared key is
    usually set up "manually", what method is most commonly used? SSH or Secure
    Telnet to a Command Line Interface? SNMP? TLS to a web interface? Do routers
    usually have two or three ways it can be done?

    As I say, I realize this isn't strictly part of the OSPFv2 protocol but
    would appreciate any information people can provide.

    Thanks,
    Donald

    Date: Tue, 13 Aug 2002 14:06:10 -0400
    From: Eastlake III Donald-LDE008 <Donald.EastlakeMOTOROLA.COM>
    Subject: OSPF cryptographic authentication keying

    Hi,

    I have a couple of questions about how keying is established for OSPF
    cryptographic authentication:

    First of all, which may be a stupid question, I have the impression the
    keying is essentially on a pairwise basis, rather than a key being shared
    among all the entities in an area. Is that correct?

    Second, how are these keys normally established in today's operational
    world? I realize this is a bit outside of the scope of OSPF, but do people
    use manual entry, SNMP, some negotiation framework like ISAKMP, or what?

    Thanks,
    Donald

    Donald E. Eastlake 3rd, +1-508-851-8280 (voice), +1-508-851-8507 (fax)
    Motorola, MS: M2-450, 20 Cabot Boulevard, Mansfield, MA 02048 USA

    ------------------------------

    Date: Tue, 13 Aug 2002 11:44:51 -0700
    From: Mukesh Gupta <mguptaIPRG.NOKIA.COM>
    Subject: Re: OSPF cryptographic authentication keying

    > I have a couple of questions about how keying is established for OSPF
    > cryptographic authentication:

    I am assuming that you are talking about OSPFv2.

    > First of all, which may be a stupid question, I have the impression the
    > keying is essentially on a pairwise basis, rather than a key being shared
    > among all the entities in an area. Is that correct?

    To my knowledge, No. It is not correct. The keys are shared between all the
    entities in an area and they are not on a pairwise basis. Using pairwise
    keys in the multicast environment will not work.

    > Second, how are these keys normally established in today's operational
    > world? I realize this is a bit outside of the scope of OSPF, but do people
    > use manual entry, SNMP, some negotiation framework like ISAKMP, or what?

    I think, most of the implementations use manual entry. ISAKMP wouldn't be
    easy to use in the multicast environment OSPF uses. Key negotiation
    mechanisms for multicast are still being explored.

    regards
    Mukesh

    --
    ******************************************************************
    Work fascinates me. I can look at it for  hours !
    ******************************************************************
    Mukesh Gupta
    Phone: (650) 625-2264
    Cell : (650) 868-9111
    http://www.iprg.nokia.com/~mgupta
    ******************************************************************
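
Added example (not part of the original thread, and not any vendor's code): OSPFv2 keyed-MD5 authentication as specified in RFC 2328 Appendix D, showing that a single multicast packet verifies only at receivers holding the same key as the sender. The key strings, router ID, sequence number and the `demo` helper are constructed for illustration.

```python
import hashlib
import hmac
import struct

AUTYPE_CRYPTO = 2   # RFC 2328 AuType for cryptographic authentication
DIGEST_LEN = 16     # MD5 output length
HDR = "!BBHIIHHHBBI"  # 24-byte OSPFv2 header, authentication field in crypto layout

def _pad_key(key: bytes) -> bytes:
    if len(key) > 16:
        raise ValueError("OSPFv2 MD5 keys are at most 16 bytes")
    return key.ljust(16, b"\x00")  # shorter keys are zero-padded to 16 bytes

def build_packet(body: bytes, router_id: int, area_id: int, key: bytes,
                 key_id: int, seq: int, pkt_type: int = 1) -> bytes:
    """Return an OSPFv2 packet with the keyed-MD5 digest appended."""
    length = 24 + len(body)  # the digest is not counted in the length field
    header = struct.pack(HDR, 2, pkt_type, length, router_id, area_id,
                         0,  # checksum is unused with AuType 2
                         AUTYPE_CRYPTO, 0, key_id, DIGEST_LEN, seq)
    packet = header + body
    return packet + hashlib.md5(packet + _pad_key(key)).digest()

def verify_packet(wire: bytes, keys: dict, last_seq: int = -1) -> bool:
    """Check the digest and sequence number against a receiver's key table."""
    if len(wire) < 24 + DIGEST_LEN:
        return False
    (_, _, length, _, _, _, autype, _, key_id, dlen, seq) = struct.unpack(HDR, wire[:24])
    if autype != AUTYPE_CRYPTO or dlen != DIGEST_LEN or len(wire) != length + dlen:
        return False
    key = keys.get(key_id)
    if key is None or seq < last_seq:  # unknown Key ID, or sequence went backwards
        return False
    expected = hashlib.md5(wire[:length] + _pad_key(key)).digest()
    return hmac.compare_digest(expected, wire[length:])

def demo() -> dict:
    # Constructed sample: one multicast Hello, three receivers on the segment.
    hello = build_packet(b"\x00" * 20, 0x0A000001, 0, b"constructed-key", 1, 1000)
    receivers = {"r2": {1: b"constructed-key"}, "r3": {1: b"constructed-key"},
                 "r4": {1: b"pairwise-r1-r4"}}  # r4 holds a different (pairwise) key
    return {name: verify_packet(hello, keys) for name, keys in receivers.items()}

if __name__ == "__main__":
    print(demo())
```

The sender computes one digest per packet, so a receiver configured with a different key for the same Key ID rejects the packet that its neighbours accept.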