This version includes the key table clarifications to packet transmission and reception that I talked about in the IETF 88 OSPF WG meeting. Hopefully, we can WG last call this draft soon.

Thanks,
Acee
Begin forwarded message:

From: <[email protected]>
Date: November 25, 2013 1:54:13 PM EST
To: Manav Bhatia <[email protected]>, Sam Hartman <[email protected]>, Dacheng Zhang <[email protected]>, Acee Lindem <[email protected]>
Subject: New Version Notification for draft-ietf-ospf-security-extension-manual-keying-06.txt

A new version of I-D, draft-ietf-ospf-security-extension-manual-keying-06.txt has been successfully submitted by Manav Bhatia and posted to the IETF repository.

Filename: draft-ietf-ospf-security-extension-manual-keying
Revision: 06
Title: Security Extension for OSPFv2 when using Manual Key Management
Creation date: 2013-11-25
Group: ospf
Number of pages: 13
URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-security-extension-manual-keying-06.txt
Status: http://datatracker.ietf.org/doc/draft-ietf-ospf-security-extension-manual-keying
Htmlized: http://tools.ietf.org/html/draft-ietf-ospf-security-extension-manual-keying-06
Diff: http://www.ietf.org/rfcdiff?url2=draft-ietf-ospf-security-extension-manual-keying-06

Abstract:
The current OSPFv2 cryptographic authentication mechanism as defined in RFC 2328 and RFC 5709 is vulnerable to both inter-session and intra-session replay attacks when using manual keying. Additionally, the existing cryptographic authentication schemes do not cover the IP header. This omission can be exploited to carry out various types of attacks. This draft proposes changes to the authentication sequence number mechanism that will protect OSPFv2 from both inter-session and intra-session replay attacks when using manual keys for securing OSPFv2 protocol packets. Additionally, we also describe some changes in the cryptographic hash computation so that we eliminate most attacks that result from OSPFv2 not protecting the IP header.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

_______________________________________________
OSPF mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ospf
