[Isis-wg] Cryptographic Algorithm Implementation Requirements for IS-IS

Manav Bhatia <manav_bhatia06@yahoo.co.uk> Sat, 22 July 2006 01:39 UTC

Hi,
 
This draft follows the ISIS HMAC SHA authentication draft that was presented in Montreal.
 
This document lists down the various authentication schemes and algorithms that IS-IS can use to authenticate its PDUs. Further, to ensure interop between different implementations, it specifies a set of MUST/SHOULD/MAY support auth schemes/algos to ensure that there is at least 1 auth algo/scheme that all implementations support.

This is basically an equivalent of RFC 4305 for IS-IS. 
 
The nature of cryptography is that new algorithms surface continuously and existing algorithms are continuously attacked. An algorithm believed to be strong today may be demonstrated to be weak tomorrow.  Given this, the choice of mandatory-to-implement algorithm should be conservative so as to minimize the likelihood of it being compromised quickly. 
    
Also, we need to recognize that the mandatory-to-implement algorithm(s) may need to change over time to adapt to the changing world. For this reason, the selection of mandatory-to-implement algorithms should not be included in the base IS-IS specification. This way it is only this document that needs to get updated, whenever there is a need to update the status of mandatory-to-implement authentication algorithms or if some authentication algorithms are deprecated/obsoleted.
 
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-bhatia-manral-crypto-req-isis-00.txt
 
Thanks,
Manav

> ----- Forwarded Message ----
> From: Internet-Drafts@ietf.org
> To: i-d-announce@ietf.org
> Sent: Saturday, July 22, 2006 1:20:01 AM
> Subject: I-D ACTION:draft-bhatia-manral-crypto-req-isis-00.txt
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> 
> 
>    Title        : Cryptographic Algorithm Implementation Requirements for IS-IS 
>    Author(s)    : M. Bhatia, V. Manral
>    Filename    : draft-bhatia-manral-crypto-req-isis-00.txt
>    Pages        : 7
>    Date        : 2006-7-21
>    
> IS-IS currently defines two different kinds of authentication 
> schemes: Clear Text password and HMAC-MD5. There has been recently a 
> new draft submitted that adds support for a generic cryptographic 
> authentication scheme, which can make use of different cryptographic 
> algorithms in order to authenticate the IS-IS PDUs.  
>    
> To ensure interoperability between disparate implementations, it is 
> imperative that we specify a set of mandatory-to-implement algorithms 
> to ensure that there is at least one algorithm that all 
> implementations will have available.   
>    
> This document defines the current set of mandatory-to-implement 
> algorithms to be used for the cryptographic authentication for IS-IS 
> as well as specifying the algorithms that should be implemented 
> because they may be promoted to mandatory at some future time. 
> 
> 
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-bhatia-manral-crypto-req-isis-00.txt
> 

_______________________________________________
Isis-wg mailing list
Isis-wg@ietf.org
https://www1.ietf.org/mailman/listinfo/isis-wg