![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
Re: Does anybody out there use Authentication Header (AH)?
From: Glen Kent <glen.kent () gmail com>
Date: Mon, 2 Jan 2012 06:34:56 +0530
On Mon, Jan 2, 2012 at 6:27 AM, Chuck Anderson <cra () wpi edu> wrote:
I'm using AH for OSPFv2 and OSPFv3 authentication. For OSPFv3, there is no other option than some kind of IPsec for authentication. I'm also using it for OSPFv2 so I don't have to maintain multiple authentication methods and keys for the different protocols.
OSPF WG has come out with a mechanism that can be used to secure OSPFv3 without IPsec - http://tools.ietf.org/html/draft-ietf-ospf-auth-trailer-ospfv3-11 It should get published as an RFC any time now. BTW, there isnt any standard for using IPsec with OSPFv2, so youre probably using a proprietary solution. I think a better solution is to move to OSPFv3-AT, as its very similar to OSPFv2 authentication. Glen
Current thread:
- Re: Does anybody out there use Authentication Header (AH)?, (continued)
- Re: Does anybody out there use Authentication Header (AH)? John Smith (Jan 01)
- Re: Does anybody out there use Authentication Header (AH)? TR Shaw (Jan 01)
- Re: Does anybody out there use Authentication Header (AH)? Steven Bellovin (Jan 01)
- Re: Does anybody out there use Authentication Header (AH)? Jack Kohn (Jan 01)
- Re: Does anybody out there use Authentication Header (AH)? Steven Bellovin (Jan 01)
- Re: Does anybody out there use Authentication Header (AH)? TR Shaw (Jan 02)
- Re: Does anybody out there use Authentication Header (AH)? John Smith (Jan 01)
- Re: Does anybody out there use Authentication Header (AH)? Chuck Anderson (Jan 01)
- Re: Does anybody out there use Authentication Header (AH)? Glen Kent (Jan 01)