[RPSEC] Issues with existing Cryptographic Protection Methods for Routing Protocols
"Bhatia, Manav \(Manav\)" <manav@alcatel-lucent.com> Tue, 01 May 2007 02:00 UTC
Return-path: <rpsec-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HihfH-0003ja-0g; Mon, 30 Apr 2007 22:00:27 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HihfG-0003jS-84 for rpsec@ietf.org; Mon, 30 Apr 2007 22:00:26 -0400
Received: from ihemail2.lucent.com ([135.245.0.35]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HihfF-0005IF-Gc for rpsec@ietf.org; Mon, 30 Apr 2007 22:00:26 -0400
Received: from ilexp01.ndc.lucent.com (h135-3-39-1.lucent.com [135.3.39.1]) by ihemail2.lucent.com (8.13.8/IER-o) with ESMTP id l4120Obr008268 for <rpsec@ietf.org>; Mon, 30 Apr 2007 21:00:24 -0500 (CDT)
Received: from inexp01.in.lucent.com ([135.254.223.65]) by ilexp01.ndc.lucent.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 30 Apr 2007 21:00:24 -0500
Received: from INEXC1U01.in.lucent.com ([135.254.223.20]) by inexp01.in.lucent.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 1 May 2007 07:30:19 +0530
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Tue, 01 May 2007 07:30:11 +0530
Message-ID: <6D26D1FE43A66F439F8109CDD424196566BEB2@INEXC1U01.in.lucent.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Issues with existing Cryptographic Protection Methods for Routing Protocols
Thread-Index: AceLlHPoYMKYf6GKT0CmgI6BSWhdcQ==
From: "Bhatia, Manav (Manav)" <manav@alcatel-lucent.com>
To: rpsec@ietf.org
X-OriginalArrivalTime: 01 May 2007 02:00:19.0416 (UTC) FILETIME=[785D7580:01C78B94]
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.35
X-Spam-Score: 0.0 (/)
X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3
Subject: [RPSEC] Issues with existing Cryptographic Protection Methods for Routing Protocols
X-BeenThere: rpsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/rpsec>
List-Post: <mailto:rpsec@ietf.org>
List-Help: <mailto:rpsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=subscribe>
Errors-To: rpsec-bounces@ietf.org
Hi, The routing protocols crypto issues draft was discussed in the RPSEC WG some time back and we have now posted an updated version of the same. We would be interested in the comments from the WG. The URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-manral-rpsec-existing-crypto-0 4.txt Routing protocols often use cryptographic mechanisms to authenticate data being received from a neighboring router assuming that it has not been modified in transit, and actually originated from the neighboring router purporting to have originating the data. Most of the cryptographic mechanisms rely on hash algorithms applied to the data in the routing protocol packet, which means the data is transported, in the clear, along with the has signature based on the data itself. These mechanisms rely on the manual configuration of the keys used to seed, or build, these hash based signatures. This document outlines some of the problems with manual keying of these cryptographic algorithms and some attacks that the current routing protocols are vulnerable to despite using the cryptographic authentication methods described for each one of them. Cheers, Russ, Vishwas and Manav _______________________________________________ RPSEC mailing list RPSEC@ietf.org https://www1.ietf.org/mailman/listinfo/rpsec
- [RPSEC] Issues with existing Cryptographic Protec… Bhatia, Manav (Manav)
- Re: [RPSEC] Issues with existing Cryptographic Pr… Vishwas Manral
- [RPSEC] Issues with existing Cryptographic Protec… Bhatia, Manav (Manav)
- Re: [RPSEC] Issues with existing Cryptographic Pr… Ron Bonica
- Re: [RPSEC] Issues with existing Cryptographic Pr… Bhatia, Manav (Manav)