Hi,

Both draft-ietf-opsec-routing-protocols-crypto-issues-07.txt and draft-hartman-ospf-analysis-01.txt describe certain attacks that OSPFv2 is vulnerable to because of OSPFv2 not covering some fields from the IP header in its crypto computation. This draft describes a very simple mechanism to fix such auth vulnerabilities.

Would be great if the WG members can go through this and provide some feedback.

Cheers, Manav

----- Forwarded Message ----
From: "[email protected]" <[email protected]>
To: [email protected]
Sent: Mon, October 11, 2010 6:30:02 PM
Subject: I-D Action:draft-bhatia-karp-ospf-ip-layer-protection-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.

    Title     : Mechanism to protect OSPFv2 authentication from IP Layer Issues
    Author(s) : M. Bhatia
    Filename  : draft-bhatia-karp-ospf-ip-layer-protection-00.txt
    Pages     : 10
    Date      : 2010-10-06

The IP header is not covered by the MAC in the cryptographic authentication scheme as described in RFC 2328 and RFC 5709, and an attack can be made to exploit this omission. This draft proposes a simple change in how the authentication is computed to eliminate most of such attacks.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-bhatia-karp-ospf-ip-layer-protection-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

--
Manav Bhatia, IP Division, Alcatel-Lucent, Bangalore - India
