[Babel-users] Babel authentication I-D version 01
Denis Ovsienko
infrastation at yandex.ru
Tue Jan 29 18:21:00 UTC 2013
22.01.2013, 19:27, "Gabriel Kerneis" <kerneis at pps.jussieu.fr>:
[...]
> [RIP2-AUTH] established the reference method of HMAC construct
> application housing the computed authentication data inside the
> message being authenticated.
>
> I do not understand what this means.

This now reads:

   [RIP2-AUTH] established a reference method of routing protocol
   packets authentication using the HMAC construct. The method sets
   that a protocol packet being authenticated is sized and structured in
   a way to contain a data space purposed for the authentication data.
   Before processing the packet with the HMAC computation the data space
   is filled with some data a receiver of the packet can reproduce
   exactly, typically involving an arbitrary number known as a padding
   constant. After the HMAC computation the data space is overwritten
   with the resulting authentication data.

   The padding constant used in [RIP2-AUTH] is 0x878FE1F3 four-octet
   value. Subsequent works (including [OSPF2-AUTH] and [OSPF3-AUTH])
   inherited both the method and the padding constant value. ...

[...]
> An implementation MUST allow the operator
> discovering the effective value of MaxDigestsIn in runtime or from
> the system documentation.
>
> Or from configuration files (unless you consider this a special case of "in
> runtime"?). Idem for MaxDigestsOut, etc. Maybe also mention "such as CLI or
> SNMP" here, as you do it later for ANM Table.

There is now an additional paragraph in the Introduction:

   Wherever this specification mentions the operator reading or changing
   a particular data structure, variable, parameter, or event counter
   "at runtime", it is up to the implementer how this is to be done.
   For example, the implementation can employ an interactive CLI, or a
   management protocol such as SNMP, or an inter-process communication
   means such as a local socket, or a combination of these.

All other respective places mention just "at runtime" now.

--
Denis Ovsienko
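
Added example, not part of the original message or of the draft: a sketch of the pad, compute, overwrite method described in the revised [RIP2-AUTH] paragraph above, showing both the sender and the receiver side. The packet layout (data space as a trailer), the use of HMAC-SHA256, the repetition of the constant to fill the data space, and the names build_packet and verify_packet are assumptions of this sketch, not Babel or RIP wire format.

```python
import hmac
import hashlib

PAD_CONSTANT = bytes.fromhex("878FE1F3")  # four-octet value quoted in the message
DIGEST = hashlib.sha256                    # assumption: hash chosen for this sketch
DIGEST_LEN = DIGEST().digest_size          # size of the reserved data space


def _padding() -> bytes:
    # Assumption: the constant is repeated until the data space is full,
    # so the receiver can reproduce the filler exactly.
    return PAD_CONSTANT * (DIGEST_LEN // len(PAD_CONSTANT))


def build_packet(key: bytes, payload: bytes) -> bytes:
    """Sender: reserve the data space, pad it, HMAC the packet, overwrite."""
    offset = len(payload)
    packet = bytearray(payload + _padding())
    digest = hmac.new(key, bytes(packet), DIGEST).digest()
    packet[offset:] = digest               # padding replaced by authentication data
    return bytes(packet)


def verify_packet(key: bytes, packet: bytes) -> bool:
    """Receiver: save the digest, restore the padding, recompute, compare."""
    if len(packet) < DIGEST_LEN:
        return False                       # too short to carry the data space
    offset = len(packet) - DIGEST_LEN
    received = packet[offset:]
    candidate = packet[:offset] + _padding()
    expected = hmac.new(key, candidate, DIGEST).digest()
    # Constant-time comparison avoids leaking how many octets matched.
    return hmac.compare_digest(received, expected)


if __name__ == "__main__":
    key = b"constructed-shared-key"        # constructed sample values
    pkt = build_packet(key, b"constructed routing update")
    print("valid:", verify_packet(key, pkt))
    print("tampered:", verify_packet(key, b"X" + pkt[1:]))
```
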