[OSPF] FW: [Technical Errata Reported] RFC6506 (3335)

"Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com> Thu, 06 September 2012 04:03 UTC

From: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
To: "ospf@ietf.org" <ospf@ietf.org>
Date: Thu, 06 Sep 2012 09:33:34 +0530
Subject: [OSPF] FW: [Technical Errata Reported] RFC6506 (3335)

 
Hi,

Srinivasan L from Huawei had noticed an issue with the text that appeared in Sec 4.5 and had sent me an email asking me about this. It appears like a genuine issue and I have raised an errata for this.

We had added text to support cross protocol attacks as part of the secdir review. Clearly, we missed updating the text in Sec 4.5. This is one problem that occurs when we make substantial changes so late in the cycle - there aren't enough review cycles that the draft goes through.

Cheers, Manav

-----Original Message-----
From: RFC Errata System [mailto:rfc-editor@rfc-editor.org] 
Sent: Thursday, September 06, 2012 9:21 AM
To: Bhatia, Manav (Manav); vishwas.manral@hp.com; acee.lindem@ericsson.com; stbryant@cisco.com; adrian@olddog.co.uk; akr@cisco.com; acee.lindem@ericsson.com
Cc: Bhatia, Manav (Manav); ospf@ietf.org; rfc-editor@rfc-editor.org
Subject: [Technical Errata Reported] RFC6506 (3335)


The following errata report has been submitted for RFC6506, "Supporting Authentication Trailer for OSPFv3".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=6506&eid=3335

--------------------------------------
Type: Technical
Reported by: Manav Bhatia <manav.bhatia@alcatel-lucent.com>

Section: 4.5

Original Text
-------------
If the Protocol-Specific Authentication Key (Ks) is L octets long, then Ko is equal to K. 

Corrected Text
--------------
If the Protocol-Specific Authentication Key (Ks) is L octets long, then Ko is equal to Ks. 

Notes
-----
The key K is never used in computing the digest. There is a class of cross protocol attacks that can be prevented if the original key K is appended with a few well known bytes. As a result, the key K is appended with a 2 octet crypto protocol ID to derive a new key Ks. It's this key that must always be used.

Instructions:
-------------
This errata is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party (IESG) can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC6506 (draft-ietf-ospf-auth-trailer-ospfv3-11)
--------------------------------------
Title               : Supporting Authentication Trailer for OSPFv3
Publication Date    : February 2012
Author(s)           : M. Bhatia, V. Manral, A. Lindem
Category            : PROPOSED STANDARD
Source              : Open Shortest Path First IGP
Area                : Routing
Stream              : IETF
Verifying Party     : IESG
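
Added example, not part of the original message or of the RFC text: a sketch of the Section 4.5 key preparation that the erratum corrects. It goes beyond the equal-length case quoted above to the longer and shorter cases as RFC 6506 is understood to define them. Assumptions: the OSPFv3 Cryptographic Protocol ID is 0x0001 in network byte order, the hash is SHA-256, and the function names and the comparison ID 0x0002 are hypothetical.

```python
import hashlib

# Assumption: Cryptographic Protocol ID for the OSPFv3 authentication trailer.
OSPFV3_CRYPTO_PROTOCOL_ID = 0x0001
# Constructed ID standing in for some other protocol that shares the same key K.
OTHER_PROTOCOL_ID = 0x0002


def protocol_specific_key(k: bytes, protocol_id: int) -> bytes:
    """Ks = K with the 2-octet crypto protocol ID appended (big-endian assumed)."""
    return k + protocol_id.to_bytes(2, "big")


def derive_ko(k: bytes, protocol_id: int = OSPFV3_CRYPTO_PROTOCOL_ID,
              hash_name: str = "sha256") -> bytes:
    """Derive Ko from Ks, never from the raw key K (the point of erratum 3335)."""
    L = hashlib.new(hash_name).digest_size   # L = hash output length in octets
    ks = protocol_specific_key(k, protocol_id)
    if len(ks) == L:
        return ks                             # corrected text: Ko is equal to Ks
    if len(ks) > L:
        return hashlib.new(hash_name, ks).digest()   # longer: Ko = H(Ks)
    return ks.ljust(L, b"\x00")               # shorter: zero-pad Ks to L octets


def keys_are_separated(k: bytes) -> bool:
    """True when the same K yields different Ko values under two protocol IDs."""
    return derive_ko(k, OSPFV3_CRYPTO_PROTOCOL_ID) != derive_ko(k, OTHER_PROTOCOL_ID)


if __name__ == "__main__":
    # Constructed sample keys: 30 octets makes Ks exactly L = 32 for SHA-256.
    for label, k in [("Ks == L", b"A" * 30),
                     ("Ks > L", b"A" * 32),
                     ("Ks < L", b"key")]:
        ko = derive_ko(k)
        print(f"{label:8} Ko={ko.hex()} separated={keys_are_separated(k)}")
```

With the original wording (Ko equal to K) the equal-length branch would drop the protocol ID, so two protocols configured with the same K would compute digests under the same key.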