[OSPF] Last Call: <draft-ietf-ospf-security-extension-manual-keying-11.txt> (Security Extension for OSPFv2 when using Manual Key Management) to Proposed Standard

The IESG <iesg-secretary@ietf.org> Wed, 11 March 2015 21:15 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ospf@ietfa.amsl.com
Delivered-To: ospf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6BB41A878A; Wed, 11 Mar 2015 14:15:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2kiRyHWVF52H; Wed, 11 Mar 2015 14:15:21 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 527C81A8748; Wed, 11 Mar 2015 14:15:21 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 5.12.1
Auto-Submitted: auto-generated
Precedence: bulk
Sender: <iesg-secretary@ietf.org>
Message-ID: <20150311211521.13496.18623.idtracker@ietfa.amsl.com>
Date: Wed, 11 Mar 2015 14:15:21 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/ospf/ZQoCAkR_Rb9bAhO8PeJ9N8vF7n0>
Cc: ospf@ietf.org
Subject: [OSPF] Last Call: <draft-ietf-ospf-security-extension-manual-keying-11.txt> (Security Extension for OSPFv2 when using Manual Key Management) to Proposed Standard
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.15
Reply-To: ietf@ietf.org
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ospf/>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Mar 2015 21:15:23 -0000

The IESG has approved the following document from the Open Shortest Path 
First IGP WG (ospf):
  'Security Extension for OSPFv2 when using Manual Key Management'
  <draft-ietf-ospf-security-extension-manual-keying-11.txt> as Proposed
Standard

However, the document has had substantive changes to section 4 during the final document
review period. These changes are to better align with RFC 7210 and the
best practices in RFC 7211. There is also a correction in the last
paragraph of section 5. Hence, we are going to WG last call the final
document (now RFC 7474) as well as have a simultaneous IETF Last Call on
these specific changes.

The final document is located here:

 http://www.rfc-editor.org/authors/rfc7474.txt
 http://www.rfc-editor.org/authors/rfc7474-diff.html

This diff file shows changes since the last posted version:
  http://www.rfc-editor.org/authors/rfc7474-lastdiff.html

This rfcdiff file shows side-by-side changes since the last posted version:
  http://www.rfc-editor.org/authors/rfc7474-rfcdiff.html


The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2015-03-25. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


   The current OSPFv2 cryptographic authentication mechanism as defined
   in RFC 2328 and RFC 5709 is vulnerable to both inter-session and
   intra-session replay attacks when using manual keying.  Additionally,
   the existing cryptographic authentication mechanism does not cover
   the IP header.  This omission can be exploited to carry out various
   types of attacks.

   This document defines changes to the authentication sequence number
   mechanism that will protect OSPFv2 from both inter-session and intra-
   session replay attacks when using manual keys for securing OSPFv2
   protocol packets.  Additionally, we also describe some changes in the
   cryptographic hash computation that will eliminate attacks resulting
   from OSPFv2 not protecting the IP header.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-ospf-security-extension-manual-keying/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-ospf-security-extension-manual-keying/ballot/


No IPR declarations have been submitted directly on this I-D.