The IESG has approved the following document:
- 'Simple Authentication Schemes for the ALC and NORM Protocols'
  (draft-ietf-rmt-simple-auth-for-alc-norm-06.txt) as a Proposed Standard

This document is the product of the Reliable Multicast Transport Working Group.

The IESG contact persons are David Harrington and Wesley Eddy.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-rmt-simple-auth-for-alc-norm/

Technical Summary

This document introduces four schemes that provide a per-packet authentication and integrity service in the context of the ALC and NORM protocols.

The first scheme is based on digital signatures. Because it relies on asymmetric cryptography, this scheme generates a high processing load at the sender and to a lesser extent at a receiver, as well as a significant transmission overhead. It is therefore well suited to low data rate sessions.

The second scheme relies on the Elliptic Curve Digital Signature Algorithm (ECDSA). Although this approach also relies on asymmetric cryptography, the processing load and the transmission overhead are significantly reduced compared to traditional digital signature schemes. It is therefore well suited to medium data rate sessions.

The third scheme relies on a group Message Authentication Code (MAC). Because this scheme relies on symmetric cryptography, MAC calculation and verification are fast operations, which makes it suited to high data rate sessions. However, it only provides a group authentication and integrity service, which means that it only protects against attackers that are not group members.

Finally, the fourth scheme merges the digital signature and group schemes, and is useful to mitigate DoS attacks coming from attackers that are not group members.

The document specifies formats for the EXT_AUTH header extension type that both the NORM and ALC protocol specifications provide. This allows these authentication schemes to be used for these protocols as an alternative to IPSec for deployment use cases where appropriate.

Working Group Summary

There is consensus in the WG to publish these documents. The WG submitted the document for Experimental status, but following the suggestion of the IESG, the document is being submitted as Proposed Standard. An IETF LC for Proposed Standard status ends 1-25-12.

Document Quality

The document quality is high. The authors also published another similar document describing the use of the more complex TESLA authentication technique for these protocols, and this document benefits from the reviews of that document as well.

Personnel

Brian Adamson is the Document Shepherd.
Dave Harrington is the Responsible Area Director.

RFC Editor Note

1) ALC and NORM should be expanded on first use.

2) Section 3.4 states:

   All receivers MUST recognize EXT_AUTH but MAY not be able to parse
   its content, for instance because they do not support digital
   signatures.

   Please replace MAY with might. (This text recurs in Sections 4.4, 5.4, and 6.4.)