Re: [OSPF] FW: New Version Notification for draft-ietf-ospf-security-extension-manual-keying-09.txt

Alia Atlas <akatlas@gmail.com> Tue, 07 October 2014 14:47 UTC

From: Alia Atlas <akatlas@gmail.com>
To: "Acee Lindem (acee)" <acee@cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ospf/j-hlCWm0fLqShuyJcGtDPilu5pU
Cc: OSPF WG List <ospf@ietf.org>

Acee,

Looks good - thanks!

Alia

On Tue, Oct 7, 2014 at 9:56 AM, Acee Lindem (acee) <acee@cisco.com> wrote:

> This version just addresses Alia's AD review comments. The draft is in
> IESG Last Call.
> Thanks,
> Acee
>
> On 10/7/14, 6:38 AM, "internet-drafts@ietf.org" <internet-drafts@ietf.org>
> wrote:
>
> >
> >A new version of I-D,
> >draft-ietf-ospf-security-extension-manual-keying-09.txt
> >has been successfully submitted by Manav Bhatia and posted to the
> >IETF repository.
> >
> >Name:          draft-ietf-ospf-security-extension-manual-keying
> >Revision:      09
> >Title:         Security Extension for OSPFv2 when using Manual Key Management
> >Document date: 2014-10-06
> >Group:         ospf
> >Pages:         13
> >URL:           http://www.ietf.org/internet-drafts/draft-ietf-ospf-security-extension-manual-keying-09.txt
> >Status:        https://datatracker.ietf.org/doc/draft-ietf-ospf-security-extension-manual-keying/
> >Htmlized:      http://tools.ietf.org/html/draft-ietf-ospf-security-extension-manual-keying-09
> >Diff:          http://www.ietf.org/rfcdiff?url2=draft-ietf-ospf-security-extension-manual-keying-09
> >
> >Abstract:
> >   The current OSPFv2 cryptographic authentication mechanism as defined
> >   in RFC 2328 and RFC 5709 is vulnerable to both inter-session and
> >   intra-session replay attacks when using manual keying.  Additionally,
> >   the existing cryptographic authentication mechanism does not cover
> >   the IP header.  This omission can be exploited to carry out various
> >   types of attacks.
> >
> >   This draft proposes changes to the authentication sequence number
> >   mechanism that will protect OSPFv2 from both inter-session and intra-
> >   session replay attacks when using manual keys for securing OSPFv2
> >   protocol packets.  Additionally, we also describe some changes in the
> >   cryptographic hash computation that will eliminate attacks resulting
> >   from OSPFv2 not protecting the IP header.
> >
> >Please note that it may take a couple of minutes from the time of submission
> >until the htmlized version and diff are available at tools.ietf.org.
> >
> >The IETF Secretariat
> >