[OPSEC] Cryptographic Authentication Algorithm Implementation Best Practices for Routing Protocols

"Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com> Wed, 11 November 2009 12:04 UTC

Hi,

We have posted the revised version based on the feedback that we had received from the working group, and it's available here:

http://www.ietf.org/id/draft-bhatia-manral-igp-crypto-requirements-04.txt

Abstract

The routing protocols Open Shortest Path First version 2 (OSPFv2) [RFC2328], Intermediate System to Intermediate System (IS-IS) [ISO] [RFC1195] and Routing Information Protocol (RIP) [RFC2453] currently define Clear Text and MD5 (Message Digest 5) [RFC1321] methods for authenticating protocol packets. Recently effort has been made to add support for the SHA (Secure Hash Algorithm) family of hash functions for the purpose of authenticating routing protocol packets for RIP [RFC4822], IS-IS [RFC5310] and OSPF [RFC5709].

To encourage interoperability between disparate implementations, it is imperative that we specify the expected minimal set of algorithms thereby ensuring that there is at least one algorithm that all implementations will have in common.

This document examines the current set of available algorithms with interoperability and effective cryptographic authentication protection being the principal considerations. Cryptographic authentication of these routing protocols requires the availability of the same algorithms in disparate implementations. It is desirable that newly specified algorithms should be implemented and available in routing protocol implementations because they may be promoted to requirements at some future time.

Cheers, Manav

--
Manav Bhatia,
IP Division, Alcatel-Lucent,
Bangalore - India