Last Call: <draft-ietf-ospf-security-extension-manual-keying-08.txt> (Security Extension for OSPFv2 when using Manual Key Management) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The IESG has received a request from the Open Shortest Path First IGP WG
(ospf) to consider the following document:
- 'Security Extension for OSPFv2 when using Manual Key Management'
  <draft-ietf-ospf-security-extension-manual-keying-08.txt> as Proposed
Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2014-10-17. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


   The current OSPFv2 cryptographic authentication mechanism as defined
   in RFC 2328 and RFC 5709 is vulnerable to both inter-session and
   intra-session replay attacks when using manual keying.  Additionally,
   the existing cryptographic authentication mechanism does not cover
   the IP header.  This omission can be exploited to carry out various
   types of attacks.

   This draft proposes changes to the authentication sequence number
   mechanism that will protect OSPFv2 from both inter-session and intra-
   session replay attacks when using manual keys for securing OSPFv2
   protocol packets.  Additionally, we also describe some changes in the
   cryptographic hash computation that will eliminate attacks resulting
   from OSPFv2 not protecting the IP header.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-ospf-security-extension-manual-keying/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-ospf-security-extension-manual-keying/ballot/


No IPR declarations have been submitted directly on this I-D.






[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux