[karp] Cryptographic Authentication Algorithm Implementation Best Practices for Routing Protocols
Manav Bhatia <manavbhatia@gmail.com> Wed, 11 November 2009 12:23 UTC
Hi,

We have posted the revised version based on the feedback that we had received from OPSEC and it's available here:

http://www.ietf.org/id/draft-bhatia-manral-igp-crypto-requirements-04.txt

Would be great if folks in KARP go through this and provide some feedback.

Abstract

The routing protocols Open Shortest Path First version 2 (OSPFv2) [RFC2328], Intermediate System to Intermediate System (IS-IS) [ISO] [RFC1195] and Routing Information Protocol (RIP) [RFC2453] currently define Clear Text and MD5 (Message Digest 5) [RFC1321] methods for authenticating protocol packets. Recently effort has been made to add support for the SHA (Secure Hash Algorithm) family of hash functions for the purpose of authenticating routing protocol packets for RIP [RFC4822], IS-IS [RFC5310] and OSPF [RFC5709].

To encourage interoperability between disparate implementations, it is imperative that we specify the expected minimal set of algorithms thereby ensuring that there is at least one algorithm that all implementations will have in common.

This document examines the current set of available algorithms with interoperability and effective cryptographic authentication protection being the principal considerations. Cryptographic authentication of these routing protocols requires the availability of the same algorithms in disparate implementations. It is desirable that newly specified algorithms should be implemented and available in routing protocol implementations because they may be promoted to requirements at some future time.

Cheers, Manav