[148068] in North American Network Operators' Group
Re: Does anybody out there use Authentication Header (AH)?
daemon@ATHENA.MIT.EDU (Glen Kent)
Sun Jan 1 20:05:49 2012
In-Reply-To: <20120102005754.GR14970@angus.ind.WPI.EDU>
Date: Mon, 2 Jan 2012 06:34:56 +0530
From: Glen Kent <glen.kent@gmail.com>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Jan 2, 2012 at 6:27 AM, Chuck Anderson <cra@wpi.edu> wrote:
> I'm using AH for OSPFv2 and OSPFv3 authentication. =A0For OSPFv3, there
> is no other option than some kind of IPsec for authentication. =A0I'm
> also using it for OSPFv2 so I don't have to maintain multiple
> authentication methods and keys for the different protocols.
OSPF WG has come out with a mechanism that can be used to secure
OSPFv3 without IPsec -
http://tools.ietf.org/html/draft-ietf-ospf-auth-trailer-ospfv3-11
It should get published as an RFC any time now.
BTW, there isnt any standard for using IPsec with OSPFv2, so youre
probably using a proprietary solution. I think a better solution is to
move to OSPFv3-AT, as its very similar to OSPFv2 authentication.
Glen
