Re: [RPSEC] Cryptographic Algorithm Implementation Requirements for Routing Protocols
"Vishwas Manral" <vishwas.ietf@gmail.com> Tue, 26 February 2008 17:28 UTC
Return-Path: <rpsec-bounces@ietf.org>
X-Original-To: ietfarch-rpsec-archive@core3.amsl.com
Delivered-To: ietfarch-rpsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3F7603A6D4F; Tue, 26 Feb 2008 09:28:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.652
X-Spam-Level:
X-Spam-Status: No, score=-0.652 tagged_above=-999 required=5 tests=[AWL=-0.215, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5hZdck6jc-MK; Tue, 26 Feb 2008 09:28:04 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EBB0E28C564; Tue, 26 Feb 2008 09:28:02 -0800 (PST)
X-Original-To: rpsec@core3.amsl.com
Delivered-To: rpsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BF94628C464 for <rpsec@core3.amsl.com>; Tue, 26 Feb 2008 09:28:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id edGf8qI6nFY2 for <rpsec@core3.amsl.com>; Tue, 26 Feb 2008 09:28:00 -0800 (PST)
Received: from wf-out-1314.google.com (wf-out-1314.google.com [209.85.200.170]) by core3.amsl.com (Postfix) with ESMTP id D582A3A6D11 for <rpsec@ietf.org>; Tue, 26 Feb 2008 09:27:33 -0800 (PST)
Received: by wf-out-1314.google.com with SMTP id 25so1536260wfa.31 for <rpsec@ietf.org>; Tue, 26 Feb 2008 09:27:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=maNIr/cLCcoNBTsoKb1q753+CdxMkpGLF0teucKwUI8=; b=vCi0Fm+Mjh2hgRh/6tg6MV8TVxhA3d5lWj32oWVdi3+lUTJFbq/qxDawAvzAaAhkuOrqW0E5GcQUTJq0Nd9w1iarq/sP2V8FH3Pxb67MjVVB4XRgjPk0xzcGYP3RNMVhtgh/ZgJNf/ckwZwud2IILwKALDJoyn81eU/P8CtYS0A=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=RkrFB/kdERl50CCHFtcY15LLIO8+oHCehpZ97Ij85RoC2hB9MaWb4eVJtz/YGyd7xe8VAypX5IKgY18y3cJHiapaGnVnweRTWfyhvQvv+NQHIX68EIxScissGYpSHgoDn35lkkkV8q8EtUksV213gZiVtkUKbPq9kHAlUxts1h4=
Received: by 10.142.191.2 with SMTP id o2mr4006292wff.209.1204046847458; Tue, 26 Feb 2008 09:27:27 -0800 (PST)
Received: by 10.143.164.14 with HTTP; Tue, 26 Feb 2008 09:27:27 -0800 (PST)
Message-ID: <77ead0ec0802260927q2c4f8dfclff72100b19565099@mail.gmail.com>
Date: Tue, 26 Feb 2008 09:27:27 -0800
From: Vishwas Manral <vishwas.ietf@gmail.com>
To: "Bhatia, Manav (Manav)" <manav@alcatel-lucent.com>
In-Reply-To: <6D26D1FE43A66F439F8109CDD4241965012E982D@INEXC1U01.in.lucent.com>
MIME-Version: 1.0
Content-Disposition: inline
References: <6D26D1FE43A66F439F8109CDD4241965012E982D@INEXC1U01.in.lucent.com>
Cc: rpsec@ietf.org
Subject: Re: [RPSEC] Cryptographic Algorithm Implementation Requirements for Routing Protocols
X-BeenThere: rpsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/rpsec>
List-Post: <mailto:rpsec@ietf.org>
List-Help: <mailto:rpsec-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: rpsec-bounces@ietf.org
Errors-To: rpsec-bounces@ietf.org
Hi Manav, This very same thing has come up in SAAG too. If we keep such requirements seperate for each protocol, we may end up having more people documenting the cryptographic protocol requirement for each protocol than the number of people actually working on the protocols. We can use the draft to have requirement for BGP too, with the new TCPM extension - authored by Ron. Thanks, Vishwas On Tue, Feb 26, 2008 at 9:02 AM, Bhatia, Manav (Manav) <manav@alcatel-lucent.com> wrote: > Hi, > > Our earlier drafts on OSPF/IS-IS cryptographic algorithms implementation > requirements were discussed in the 67th and 68th IETFs. It was suggested > that we merge our OSPF and IS-IS drafts into one, include RIP, and > present the same in the RPSEC WG. This is the first version of the > merged draft. > > Abstract: > > The interior gateway routing protocols OSPFv2 [RFC2328], IS-IS [ISO] > [RFC1195] and RIP [RFC2453] currently define clear text and MD5 > [RFC1321] algorithms for authenticating their protocol packets. There > have recently been documents adding support of the SHA family of hash > algorithms for authenticating routing protocol packets for RIP, IS-IS > and OSPF. > > To ensure interoperability between disparate implementations, it is > imperative that we specify a set of mandatory-to-implement algorithms > thereby ensuring that there is at least one algorithm that all > implementations will have available. This document defines the current > set of mandatory-to-implement algorithms to be used for the > cryptographic authentication of these routing protocols as well as > specifying the algorithms that should be implemented because they may be > promoted to mandatory at some future time. > > A URL for this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-bhatia-manral-igp-crypto-requi > rements-00.txt > > Regards, > Manav > _______________________________________________ > RPSEC mailing list > RPSEC@ietf.org > http://www.ietf.org/mailman/listinfo/rpsec > _______________________________________________ RPSEC mailing list RPSEC@ietf.org http://www.ietf.org/mailman/listinfo/rpsec
- [RPSEC] Cryptographic Algorithm Implementation Re… Bhatia, Manav (Manav)
- Re: [RPSEC] Cryptographic Algorithm Implementatio… Vishwas Manral