Hi, Srinivasan L from Huawei had noticed an issue with the text that appeared in Sec 4.5 and had sent me an email asking me about this. It appears like a genuine issue and I have raised an errata for this.
We had added text to support cross protocol attacks as part of the secdir review. Clearly, we missed updating the text in Sec 4.5. This is one problem that occurs when we make substantial changes so late in the cycle - there aren't enough review cycles that the draft goes through.

Cheers, Manav

-----Original Message-----
From: RFC Errata System [mailto:[email protected]]
Sent: Thursday, September 06, 2012 9:21 AM
To: Bhatia, Manav (Manav); [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]
Cc: Bhatia, Manav (Manav); [email protected]; [email protected]
Subject: [Technical Errata Reported] RFC6506 (3335)

The following errata report has been submitted for RFC6506,
"Supporting Authentication Trailer for OSPFv3".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=6506&eid=3335

--------------------------------------
Type: Technical
Reported by: Manav Bhatia <[email protected]>

Section: 4.5

Original Text
-------------
If the Protocol-Specific Authentication Key (Ks) is L octets long, then Ko is equal to K.

Corrected Text
--------------
If the Protocol-Specific Authentication Key (Ks) is L octets long, then Ko is equal to Ks.

Notes
-----
The key K is never used in computing the digest. There is a class of cross protocol attacks that can be prevented if the original key K is appended with a few well known bytes. As a result, the key K is appended with a 2 octet crypto protocol ID to derive a new key Ks. It's this key that must always be used.

Instructions:
-------------
This errata is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party (IESG) can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC6506 (draft-ietf-ospf-auth-trailer-ospfv3-11)
--------------------------------------
Title               : Supporting Authentication Trailer for OSPFv3
Publication Date    : February 2012
Author(s)           : M. Bhatia, V. Manral, A. Lindem
Category            : PROPOSED STANDARD
Source              : Open Shortest Path First
IGP Area            : Routing
Stream              : IETF
Verifying Party     : IESG

_______________________________________________
OSPF mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ospf
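
Added example, not part of the original message or of the RFC's own text: a sketch of the Sec 4.5 key preparation that the erratum corrects, showing that Ko is always derived from Ks (K plus the 2-octet crypto protocol ID) and therefore differs between protocols sharing the same K. The hash and zero-pad rules for other key lengths, the big-endian ID encoding, the choice of SHA-256, and the ID values 0x0001/0x0002 are assumptions not taken from this message.

```python
import hashlib


def protocol_specific_key(k: bytes, protocol_id: int) -> bytes:
    """Ks = K with the 2-octet crypto protocol ID appended.

    Assumption: the ID is encoded in network (big-endian) byte order.
    """
    return k + protocol_id.to_bytes(2, "big")


def prepare_ko(k: bytes, protocol_id: int, hash_name: str = "sha256") -> bytes:
    """Derive Ko from Ks; K itself never reaches the digest computation.

    L is the output length of the hash. The equal-length case is the one the
    erratum fixes. The other two cases (hash when longer, zero-pad when
    shorter) are assumed here and are not quoted in the message above.
    """
    L = hashlib.new(hash_name).digest_size
    ks = protocol_specific_key(k, protocol_id)
    if len(ks) == L:
        return ks  # corrected text: Ko = Ks (the original text said Ko = K)
    if len(ks) > L:
        return hashlib.new(hash_name, ks).digest()
    return ks.ljust(L, b"\x00")


# Constructed sample inputs: a 30-octet K, so that Ks is exactly L = 32 octets.
K_SAMPLE = bytes(range(30))
ID_A, ID_B = 0x0001, 0x0002  # illustrative protocol IDs, not registry values


def demo() -> dict:
    ko_a = prepare_ko(K_SAMPLE, ID_A)
    ko_b = prepare_ko(K_SAMPLE, ID_B)
    return {
        "ko_len": len(ko_a),
        "carries_protocol_id": ko_a.endswith(b"\x00\x01"),
        "differs_from_raw_k": ko_a != K_SAMPLE,
        "protocols_separated": ko_a != ko_b,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With the uncorrected wording, an implementation hitting the equal-length case would key the digest with the raw 30-octet K, losing the protocol ID and with it the separation between protocols.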
