[RPSEC] Issues with existing Cryptographic Protection Methods for Routing Protocols
"Bhatia, Manav \(Manav\)" <manav@alcatel-lucent.com> Tue, 12 February 2008 00:42 UTC
Return-Path: <rpsec-bounces@ietf.org>
X-Original-To: ietfarch-rpsec-archive@core3.amsl.com
Delivered-To: ietfarch-rpsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 25C123A6D03; Mon, 11 Feb 2008 16:42:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.21
X-Spam-Level:
X-Spam-Status: No, score=-0.21 tagged_above=-999 required=5 tests=[AWL=0.227, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kbtXvJHyxNNw; Mon, 11 Feb 2008 16:42:13 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 48BEE3A6D76; Mon, 11 Feb 2008 16:42:13 -0800 (PST)
X-Original-To: rpsec@core3.amsl.com
Delivered-To: rpsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4F8213A6D76 for <rpsec@core3.amsl.com>; Mon, 11 Feb 2008 16:42:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UIDyO31LNQMW for <rpsec@core3.amsl.com>; Mon, 11 Feb 2008 16:42:11 -0800 (PST)
Received: from ihemail2.lucent.com (ihemail2.lucent.com [135.245.0.35]) by core3.amsl.com (Postfix) with ESMTP id 728C83A6D03 for <rpsec@ietf.org>; Mon, 11 Feb 2008 16:42:11 -0800 (PST)
Received: from ilexp01.ndc.lucent.com (h135-3-39-1.lucent.com [135.3.39.1]) by ihemail2.lucent.com (8.13.8/IER-o) with ESMTP id m1C0haW7000513 for <rpsec@ietf.org>; Mon, 11 Feb 2008 18:43:36 -0600 (CST)
Received: from inexp02.in.lucent.com ([135.254.223.66]) by ilexp01.ndc.lucent.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 11 Feb 2008 18:43:35 -0600
Received: from INEXC1U01.in.lucent.com ([135.254.223.20]) by inexp02.in.lucent.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 12 Feb 2008 06:13:31 +0530
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Tue, 12 Feb 2008 06:13:04 +0530
Message-ID: <6D26D1FE43A66F439F8109CDD42419650125AA3E@INEXC1U01.in.lucent.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Issues with existing Cryptographic Protection Methods for Routing Protocols
Thread-Index: AchtEDoNwKLhy/8jT0m1Sx+EGIlVdw==
From: "Bhatia, Manav (Manav)" <manav@alcatel-lucent.com>
To: rpsec@ietf.org
X-OriginalArrivalTime: 12 Feb 2008 00:43:31.0696 (UTC) FILETIME=[4A816F00:01C86D10]
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.35
Subject: [RPSEC] Issues with existing Cryptographic Protection Methods for Routing Protocols
X-BeenThere: rpsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/rpsec>
List-Post: <mailto:rpsec@ietf.org>
List-Help: <mailto:rpsec-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: rpsec-bounces@ietf.org
Errors-To: rpsec-bounces@ietf.org
Folks, We have posted a revised version of the above draft. Would appreciate feedback from the WG. Routing protocols are designed to use cryptographic mechanisms to authenticate data being received from a neighboring router to ensure that it has not been modified in transit, and actually originated from the neighboring router purporting to have originating the data. Most of the cryptographic mechanisms defined to date rely on hash algorithms applied to the data in the routing protocol packet, which means the data is transported, in the clear, along with a signature based on the data itself. These mechanisms rely on the manual configuration of the keys used to seed, or build, these hash based signatures. This document outlines some of the problems with manual keying of these cryptographic algorithms. http://www.ietf.org/internet-drafts/draft-manral-rpsec-existing-crypto-0 5.txt Thanks, Vishwas, Russ and Manav _______________________________________________ RPSEC mailing list RPSEC@ietf.org http://www.ietf.org/mailman/listinfo/rpsec
- [RPSEC] Issues with existing Cryptographic Protec… Bhatia, Manav (Manav)
- Re: [RPSEC] Issues with existing Cryptographic Pr… Vishwas Manral
- [RPSEC] Issues with existing Cryptographic Protec… Bhatia, Manav (Manav)
- Re: [RPSEC] Issues with existing Cryptographic Pr… Ron Bonica
- Re: [RPSEC] Issues with existing Cryptographic Pr… Bhatia, Manav (Manav)