This version just addresses Alia's AD review comments. The draft is in IESG Last Call.

Thanks,
Acee

On 10/7/14, 6:38 AM, "internet-dra...@ietf.org" <internet-dra...@ietf.org> wrote:

>
>A new version of I-D,
>draft-ietf-ospf-security-extension-manual-keying-09.txt
>has been successfully submitted by Manav Bhatia and posted to the
>IETF repository.
>
>Name: draft-ietf-ospf-security-extension-manual-keying
>Revision: 09
>Title: Security Extension for OSPFv2 when using Manual Key Management
>Document date: 2014-10-06
>Group: ospf
>Pages: 13
>URL: http://www.ietf.org/internet-drafts/draft-ietf-ospf-security-extension-manual-keying-09.txt
>Status: https://datatracker.ietf.org/doc/draft-ietf-ospf-security-extension-manual-keying/
>Htmlized: http://tools.ietf.org/html/draft-ietf-ospf-security-extension-manual-keying-09
>Diff: http://www.ietf.org/rfcdiff?url2=draft-ietf-ospf-security-extension-manual-keying-09
>
>Abstract:
> The current OSPFv2 cryptographic authentication mechanism as defined
> in RFC 2328 and RFC 5709 is vulnerable to both inter-session and
> intra-session replay attacks when using manual keying. Additionally,
> the existing cryptographic authentication mechanism does not cover
> the IP header. This omission can be exploited to carry out various
> types of attacks.
>
> This draft proposes changes to the authentication sequence number
> mechanism that will protect OSPFv2 from both inter-session and
> intra-session replay attacks when using manual keys for securing OSPFv2
> protocol packets. Additionally, we also describe some changes in the
> cryptographic hash computation that will eliminate attacks resulting
> from OSPFv2 not protecting the IP header.
>
>
>Please note that it may take a couple of minutes from the time of
>submission until the htmlized version and diff are available at
>tools.ietf.org.
>
>The IETF Secretariat