[OSPF] Last Call: <draft-ietf-ospf-security-extension-manual-keying-08.txt> (Security Extension for OSPFv2 when using Manual Key Management) to Proposed Standard
The IESG <iesg-secretary@ietf.org> Fri, 03 October 2014 20:48 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ospf@ietfa.amsl.com
Delivered-To: ospf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F26C1A6FF8; Fri, 3 Oct 2014 13:48:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VT0w-yxCeAVx; Fri, 3 Oct 2014 13:48:01 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B8FD41A6F9A; Fri, 3 Oct 2014 13:48:01 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 5.6.3.p3
Auto-Submitted: auto-generated
Precedence: bulk
Sender: iesg-secretary@ietf.org
Message-ID: <20141003204801.25472.25734.idtracker@ietfa.amsl.com>
Date: Fri, 03 Oct 2014 13:48:01 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/ospf/nMnXt8rWmeLFk8aE9SllKrBpLw8
Cc: ospf@ietf.org
Subject: [OSPF] Last Call: <draft-ietf-ospf-security-extension-manual-keying-08.txt> (Security Extension for OSPFv2 when using Manual Key Management) to Proposed Standard
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.15
Reply-To: ietf@ietf.org
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ospf/>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Oct 2014 20:48:03 -0000
The IESG has received a request from the Open Shortest Path First IGP WG (ospf) to consider the following document: - 'Security Extension for OSPFv2 when using Manual Key Management' <draft-ietf-ospf-security-extension-manual-keying-08.txt> as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2014-10-17. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The current OSPFv2 cryptographic authentication mechanism as defined in RFC 2328 and RFC 5709 is vulnerable to both inter-session and intra-session replay attacks when using manual keying. Additionally, the existing cryptographic authentication mechanism does not cover the IP header. This omission can be exploited to carry out various types of attacks. This draft proposes changes to the authentication sequence number mechanism that will protect OSPFv2 from both inter-session and intra- session replay attacks when using manual keys for securing OSPFv2 protocol packets. Additionally, we also describe some changes in the cryptographic hash computation that will eliminate attacks resulting from OSPFv2 not protecting the IP header. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-ospf-security-extension-manual-keying/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-ospf-security-extension-manual-keying/ballot/ No IPR declarations have been submitted directly on this I-D.