Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication

tony,

your suggested form of key rollover (all receivers can
authenticate against the new transmit-key) is certainly
a working model, however it is not the most convenient model
from a network operator perspective.

lets assume we start to configure the network with new
authentication keys.

There is a time window (until all routers have the new
authentication key) where the routers holding the new key are
using that key and other routers have not yet got the new key
and hence nothing to verify against.

   so what you require is some form of coordination i.e.
   to have all nodes hold off using the new transmit key
   up until the network is fully transitioned
   (i have seen implementations who achieve that with
   time/date based transmit key-selection) -> this requires
   some form of coordination (timestamp / key lifetime etc.)

back to the original idea - multiple instances of TLV #10 don't require
time-based transmit key selection, since the PDU contains
everybody's key of taste, which would IMO be more migration friendly.

BTW the "protocol extension" that i have in mind to make this work
is rather straightforward: clear all instances of TLV #10 to zero
before computing the digest of a single TLV #10 and doing of course
the same on reception.

/hannes

Tony Li wrote:
>  
> Hannes,
> 
> I'm of the opinion that key rollover and algorithm rollover do not
> require actual additional protocol specification and that transmitting
> multiple TLVs is not necessary.  For any form of rollover to work, a
> receiver must be prepared to accept multiple different combinations of
> password and algorithm.  It does not seem like a substantial effort for
> the receiver to try all of the possibilities that it is configured for.
> 
> Given this, one way to do smooth rollover is to go around and configure
> all nodes with the new password and/or algorithm.  Once that's completed
> and in production, then nodes can be set to transmit the new password
> and/or algorithm.
> 
> While 802.11's WEP is hardly a good example of this for security
> purposes, most implementations provide a fine example of how the UI for
> this would work: one key is used for transmit, while a list of keys is
> accepted.
> 
> Regards,
> Tony
> 
> P.s. Yes, I'm well aware that implementations do not currently support
> this behavior and will have to change.  Including Juniper's.  Sorry.
> ;-) 
> 
> 
> 
>>-----Original Message-----
>>From: Hannes Gredler [mailto:hannes@juniper.net] 
>>Sent: Wednesday, April 19, 2006 1:02 PM
>>To: tony.li@tony.li
>>Cc: 'Sofia Ray'; isis-wg@ietf.org
>>Subject: Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication
>>
>>furthermore, it would be also time to think about authentication-type
>>migration support. i.e. discuss about authentication-type 
>>[simple->md5->sha]
>>and key rollover schemes and nail down the necessary behaviour
>>(multiple instances of TLV #10).
>>
>>the prevailing method for both authentication-type and key rollover
>>(= disabling authentication check during the transition window)
>>is not really smooth.
>>
>>/hannes
>>
>>Tony Li wrote:
>>
>>>Sofia,
>>>
>>>While I know of no substantive risks to the use of MD5 
>>
>>today as used in
>>
>>>3567, history suggests that someday, there will be.  Thus, 
>>
>>having other
>>
>>>algorithms available is only prudent and I strongly support 
>>
>>that goal.
>>
>>>Regards,
>>>Tony
>>>
>>>
>>>
>>>>-----Original Message-----
>>>>From: Sofia Ray [mailto:sofia.ray@lycos.com] 
>>>>Sent: Wednesday, April 19, 2006 11:04 AM
>>>>To: isis-wg@ietf.org
>>>>Subject: Re: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication
>>>>
>>>>Manav,
>>>>
>>>>Whats wrong with the authentication scheme detailed in 3567?
>>>>
>>>>Yours,
>>>>Sofia
>>>>
>>>>----- Original Message ----
>>>>From: Manav Bhatia <manav_bhatia06@yahoo.co.uk>
>>>>To: isis-wg@ietf.org
>>>>Sent: Wednesday, 19 April, 2006 8:30:00 AM
>>>>Subject: [Isis-wg] IS-IS HMAC SHA Cryptographic Authentication
>>>>
>>>>
>>>>Hi,
>>>>
>>>>We have written a draft on extending ISIS to use HMAC-SHA 
>>>>authentication. Would appreciate if we can get some feedback 
>>>
>>>>from the WG. The mechanism proposed in the draft is backward 
>>>
>>>>compatible and would work with the existing ISIS implementations.
>>>>
>>>>Cheers,
>>>>Manav
>>>>
>>>>----- Forwarded Message ----
>>>>From: Internet-Drafts@ietf.org
>>>>To: i-d-announce@ietf.org
>>>>Sent: Wednesday, April 19, 2006 4:20:01 AM
>>>>Subject: I-D ACTION:draft-bhatia-manral-isis-hmac-sha-00.txt
>>>>
>>>>A New Internet-Draft is available from the on-line 
>>>>Internet-Drafts directories.
>>>>
>>>>   Title        : IS-IS HMAC SHA Cryptographic Authentication
>>>>   Author(s)    : M. Bhatia, V. Manral
>>>>   Filename    : draft-bhatia-manral-isis-hmac-sha-00.txt
>>>>   Pages        : 8
>>>>   Date        : 2006-4-18
>>>>
>>>>This document proposes an extension to IS-IS [ISO] [RFC1195] 
>>>>to allow the use of HMAC SHA authentication algorithm in 
>>>>addition to the already documented authentication schemes 
>>>>described in the base specification and RFC 3567.
>>>>
>>>>A URL for this Internet-Draft is:
>>>>http://www.ietf.org/internet-drafts/draft-bhatia-manral-isis-h
>>>>mac-sha-00.txt
>>>>
>>>>
>>>>
>>>>-- 
>>>>_______________________________________________
>>>>
>>>>Search for businesses by name, location, or phone number.  
>>>>-Lycos Yellow Pages
>>>>
>>>>http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.c
>>>>om/default.asp?SRC=lycos10
>>>>
>>>>
>>>>_______________________________________________
>>>>Isis-wg mailing list
>>>>Isis-wg@ietf.org
>>>>https://www1.ietf.org/mailman/listinfo/isis-wg
>>>>
>>>
>>>
>>>
>>>
>>>_______________________________________________
>>>Isis-wg mailing list
>>>Isis-wg@ietf.org
>>>https://www1.ietf.org/mailman/listinfo/isis-wg
>>
> 

_______________________________________________
Isis-wg mailing list
Isis-wg@ietf.org
https://www1.ietf.org/mailman/listinfo/isis-wg