[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RPSEC] Issues with existing Cryptographic Protection Methods for Routing Protocols

To: "Bhatia, Manav \(Manav\)" <manav at alcatel-lucent.com>
Subject: Re: [RPSEC] Issues with existing Cryptographic Protection Methods for Routing Protocols
From: Ron Bonica <rbonica at juniper.net>
Date: Wed, 13 Feb 2008 11:13:47 -0500
Cc: rpsec at ietf.org
Delivered-to: ietfarch-rpsec-web-archive at core3.amsl.com
Delivered-to: rpsec at core3.amsl.com
In-reply-to: <6D26D1FE43A66F439F8109CDD42419650125AA3E at INEXC1U01.in.lucent.com>
List-archive: <http://www.ietf.org/pipermail/rpsec>
List-help: <mailto:rpsec-request@ietf.org?subject=help>
List-id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-post: <mailto:rpsec@ietf.org>
List-subscribe: <http://www.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <http://www.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=unsubscribe>
References: <6D26D1FE43A66F439F8109CDD42419650125AA3E at INEXC1U01.in.lucent.com>
Sender: rpsec-bounces at ietf.org
User-agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)

Guys,

This is a good summary. Thank you for writing it.

Do you think that it would be helpful to mention that some protocols
(e.g., OSPFv2) have mechanisms for graceful rekeying.

Also, do you think that it might be helpful to consider
draft-ietf-tcpm-tcp-auth-opt wrt BGP?

                                        Ron


Bhatia, Manav (Manav) wrote:
> Folks,
> 
> We have posted a revised version of the above draft. Would appreciate
> feedback from the WG.
> 
> Routing protocols are designed to use cryptographic mechanisms to
> authenticate data being received from a neighboring router to ensure
> that it has not been modified in transit, and actually originated from
> the neighboring router purporting to have originating the data. Most of
> the cryptographic mechanisms defined to date rely on hash algorithms
> applied to the data in the routing protocol packet, which means the data
> is transported, in the clear, along with a signature based on the data
> itself.  These mechanisms rely on the manual configuration of the keys
> used to seed, or build, these hash based signatures.  This document
> outlines some of the problems with manual keying of these cryptographic
> algorithms.
> 
> http://www.ietf.org/internet-drafts/draft-manral-rpsec-existing-crypto-0
> 5.txt
> 
> Thanks,
> Vishwas, Russ and Manav
> _______________________________________________
> RPSEC mailing list
> RPSEC at ietf.org
> http://www.ietf.org/mailman/listinfo/rpsec
> 
_______________________________________________
RPSEC mailing list
RPSEC at ietf.org
http://www.ietf.org/mailman/listinfo/rpsec

Follow-Ups:
- Re: [RPSEC] Issues with existing Cryptographic Protection Methods for Routing Protocols
  - From: Vishwas Manral
- Re: [RPSEC] Issues with existing Cryptographic Protection Methods for Routing Protocols
  - From: Bhatia, Manav \(Manav\)

References:
- [RPSEC] Issues with existing Cryptographic Protection Methods for Routing Protocols
  - From: Bhatia, Manav \(Manav\)

Prev by Date: [RPSEC] Issues with existing Cryptographic Protection Methods for Routing Protocols
Next by Date: Re: [RPSEC] Issues with existing Cryptographic Protection Methods for Routing Protocols
Previous by thread: [RPSEC] Issues with existing Cryptographic Protection Methods for Routing Protocols
Next by thread: Re: [RPSEC] Issues with existing Cryptographic Protection Methods for Routing Protocols
Index(es):
- Date
- Thread