Re: [RPSEC] Issues with existing Cryptographic Protection Methods for Routing Protocols
Yes, I think it would be good to consider draft-ietf-tcpm-tcp-auth-opt
wrt BGP. We'll do this in the next cut.
Manav
> -----Original Message-----
> From: Ron Bonica [mailto:rbonica at juniper.net]
> Sent: Wednesday, February 13, 2008 9.44 PM
> To: Bhatia, Manav (Manav)
> Cc: rpsec at ietf.org
> Subject: Re: [RPSEC] Issues with existing Cryptographic
> Protection Methods for Routing Protocols
>
> Guys,
>
> This is a good summary. Thank you for writing it.
>
> Do you think that it would be helpful to mention that some protocols
> (e.g., OSPFv2) have mechanisms for graceful rekeying?
>
> Also, do you think that it might be helpful to consider
> draft-ietf-tcpm-tcp-auth-opt wrt BGP?
>
> Ron
>
>
> Bhatia, Manav (Manav) wrote:
> > Folks,
> >
> > We have posted a revised version of the above draft. Would appreciate
> > feedback from the WG.
> >
> > Routing protocols are designed to use cryptographic mechanisms to
> > authenticate data being received from a neighboring router to ensure
> > that it has not been modified in transit, and actually originated from
> > the neighboring router purporting to have originated the data. Most of
> > the cryptographic mechanisms defined to date rely on hash algorithms
> > applied to the data in the routing protocol packet, which means the data
> > is transported, in the clear, along with a signature based on the data
> > itself. These mechanisms rely on the manual configuration of the keys
> > used to seed, or build, these hash based signatures. This document
> > outlines some of the problems with manual keying of these cryptographic
> > algorithms.
> >
> > http://www.ietf.org/internet-drafts/draft-manral-rpsec-existing-crypto-05.txt
> >
> > Thanks,
> > Vishwas, Russ and Manav
> > _______________________________________________
> > RPSEC mailing list
> > RPSEC at ietf.org
> > http://www.ietf.org/mailman/listinfo/rpsec
> >
>