[RPSEC] Issues with existing Cryptographic Protection Methods for Routing Protocols

"Bhatia, Manav \(Manav\)" <manav@alcatel-lucent.com> Tue, 01 May 2007 02:00 UTC

Hi,

The routing protocols crypto issues draft was discussed in the RPSEC WG
some time back and we have now posted an updated version of the same. We
would be interested in the comments from the WG.

The URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-manral-rpsec-existing-crypto-04.txt

Routing protocols often use cryptographic mechanisms to authenticate
data being received from a neighboring router assuming that it has not
been modified in transit, and actually originated from the neighboring
router purporting to have originated the data.  Most of the
cryptographic mechanisms rely on hash algorithms applied to the data in
the routing protocol packet, which means the data is transported, in the
clear, along with the hash signature based on the data itself.  These
mechanisms rely on the manual configuration of the keys used to seed, or
build, these hash-based signatures.  This document outlines some of the
problems with manual keying of these cryptographic algorithms and some
attacks that the current routing protocols are vulnerable to despite
using the cryptographic authentication methods described for each one of
them.

Cheers,
Russ, Vishwas and Manav
