draft-ietf-ospf-rfc6506bis-00.txt   draft-ietf-ospf-rfc6506bis-01.txt 
OSPF Working Group M. Bhatia OSPF Working Group M. Bhatia
Internet-Draft Alcatel-Lucent Internet-Draft Alcatel-Lucent
Obsoletes: 6506 (if approved) V. Manral Obsoletes: 6506 (if approved) V. Manral
Intended status: Standards Track Hewlett Packard Intended status: Standards Track Hewlett Packard
Expires: February 14, 2014 A. Lindem Expires: April 11, 2014 A. Lindem
Ericsson Ericsson
August 13, 2013 October 8, 2013
Supporting Authentication Trailer for OSPFv3 Supporting Authentication Trailer for OSPFv3
draft-ietf-ospf-rfc6506bis-00.txt draft-ietf-ospf-rfc6506bis-01.txt
Abstract Abstract
Currently, OSPF for IPv6 (OSPFv3) uses IPsec as the only mechanism Currently, OSPF for IPv6 (OSPFv3) uses IPsec as the only mechanism
for authenticating protocol packets. This behavior is different from for authenticating protocol packets. This behavior is different from
authentication mechanisms present in other routing protocols (OSPFv2, authentication mechanisms present in other routing protocols (OSPFv2,
Intermediate System to Intermediate System (IS-IS), RIP, and Routing Intermediate System to Intermediate System (IS-IS), RIP, and Routing
Information Protocol Next Generation (RIPng)). In some environments, Information Protocol Next Generation (RIPng)). In some environments,
it has been found that IPsec is difficult to configure and maintain it has been found that IPsec is difficult to configure and maintain
and thus cannot be used. This document defines an alternative and thus cannot be used. This document defines an alternative
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 14, 2014. This Internet-Draft will expire on April 11, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 10 skipping to change at page 3, line 10
outside the IETF Standards Process, and derivative works of it may outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other it for publication as an RFC or to translate it into languages other
than English. than English.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 5 1.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 5
1.2. Summary of Changes from RFC 6506 . . . . . . . . . . . . . 5 1.2. Summary of Changes from RFC 6506 . . . . . . . . . . . . . 5
2. Proposed Solution . . . . . . . . . . . . . . . . . . . . . . 6 2. Proposed Solution . . . . . . . . . . . . . . . . . . . . . . 7
2.1. AT-Bit in Options Field . . . . . . . . . . . . . . . . . 6 2.1. AT-Bit in Options Field . . . . . . . . . . . . . . . . . 7
2.2. Basic Operation . . . . . . . . . . . . . . . . . . . . . 7 2.2. Basic Operation . . . . . . . . . . . . . . . . . . . . . 8
2.3. IPv6 Source Address Protection . . . . . . . . . . . . . . 7 2.3. IPv6 Source Address Protection . . . . . . . . . . . . . . 8
3. OSPFv3 Security Association . . . . . . . . . . . . . . . . . 9 3. OSPFv3 Security Association . . . . . . . . . . . . . . . . . 10
4. Authentication Procedure . . . . . . . . . . . . . . . . . . . 12 4. Authentication Procedure . . . . . . . . . . . . . . . . . . . 13
4.1. Authentication Trailer . . . . . . . . . . . . . . . . . . 12 4.1. Authentication Trailer . . . . . . . . . . . . . . . . . . 13
4.1.1. Sequence Number Wrap . . . . . . . . . . . . . . . . . 13 4.1.1. Sequence Number Wrap . . . . . . . . . . . . . . . . . 14
4.2. OSPFv3 Header Checksum and LLS Data Block Checksum . . . . 14 4.2. OSPFv3 Header Checksum and LLS Data Block Checksum . . . . 15
4.3. Cryptographic Authentication Procedure . . . . . . . . . . 14 4.3. Cryptographic Authentication Procedure . . . . . . . . . . 15
4.4. Cross-Protocol Attack Mitigation . . . . . . . . . . . . . 15 4.4. Cross-Protocol Attack Mitigation . . . . . . . . . . . . . 16
4.5. Cryptographic Aspects . . . . . . . . . . . . . . . . . . 15 4.5. Cryptographic Aspects . . . . . . . . . . . . . . . . . . 16
4.6. Message Verification . . . . . . . . . . . . . . . . . . . 17 4.6. Message Verification . . . . . . . . . . . . . . . . . . . 18
5. Migration and Backward Compatibility . . . . . . . . . . . . . 20 5. Migration and Backward Compatibility . . . . . . . . . . . . . 21
6. Security Considerations . . . . . . . . . . . . . . . . . . . 21 6. Security Considerations . . . . . . . . . . . . . . . . . . . 22
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 22 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 24
8.1. Normative References . . . . . . . . . . . . . . . . . . . 23 8.1. Normative References . . . . . . . . . . . . . . . . . . . 24
8.2. Informative References . . . . . . . . . . . . . . . . . . 23 8.2. Informative References . . . . . . . . . . . . . . . . . . 24
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 25 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 26
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 26 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 27
1. Introduction 1. Introduction
Unlike Open Shortest Path First version 2 (OSPFv2) [RFC2328], OSPF Unlike Open Shortest Path First version 2 (OSPFv2) [RFC2328], OSPF
for IPv6 (OSPFv3) [RFC5340] does not include the AuType and for IPv6 (OSPFv3) [RFC5340] does not include the AuType and
Authentication fields in its headers for authenticating protocol Authentication fields in its headers for authenticating protocol
packets. Instead, OSPFv3 relies on the IPsec protocols packets. Instead, OSPFv3 relies on the IPsec protocols
Authentication Header (AH) [RFC4302] and Encapsulating Security Authentication Header (AH) [RFC4302] and Encapsulating Security
Payload (ESP) [RFC4303] to provide integrity, authentication, and/or Payload (ESP) [RFC4303] to provide integrity, authentication, and/or
confidentiality. confidentiality.
skipping to change at page 5, line 30 skipping to change at page 5, line 30
This document includes the following changes from RFC 6506 [RFC6506]: This document includes the following changes from RFC 6506 [RFC6506]:
1. Sections 2.2 and 4.2 explicitly state that the Link-Local 1. Sections 2.2 and 4.2 explicitly state that the Link-Local
Signaling (LLS) block checksum calculation is omitted when an Signaling (LLS) block checksum calculation is omitted when an
OSPFv3 authentication trailer is used for OSPFv3 authentication. OSPFv3 authentication trailer is used for OSPFv3 authentication.
The LLS block is included in the authentication digest The LLS block is included in the authentication digest
calculation and computation of a checksum is unnecessary. calculation and computation of a checksum is unnecessary.
Clarification of this issue was documented in an errata. Clarification of this issue was documented in an errata.
2. Section 4.5 includes a correction to the key preparation to use 2. Section 3 previously advocated usage of an expired key for
transmitted OSPFv3 packets when no valid keys existed. This
statement has been removed.
3. Section 4.5 includes a correction to the key preparation to use
the protocol specific key (Ks) rather than the key (K) as the the protocol specific key (Ks) rather than the key (K) as the
initial key (Ko). This problem was also documented in an errata. initial key (Ko). This problem was also documented in an errata.
3. Section 4.5 also includes a discussion of the choice of key 4. Section 4.5 also includes a discussion of the choice of key
length to be the hash length (L) rather than the block size (B). length to be the hash length (L) rather than the block size (B).
The discussion of this choice was included to clarify an issue The discussion of this choice was included to clarify an issue
raised in a rejected errata. raised in a rejected errata.
4. Section 4.1 and 4.6 indicate that sequence number checking is 5. Section 4.1 and 4.6 indicate that sequence number checking is
dependent on OSPFv3 packet type in order to account for packet dependent on OSPFv3 packet type in order to account for packet
prioritization as specified in [RFC4222]. This was an omission prioritization as specified in [RFC4222]. This was an omission
from RFC 6506 [RFC6506]. from RFC 6506 [RFC6506].
5. Section 5 includes guidance on precisely the actions required for 6. Section 4.6 explicitly states that OSPFv3 packets with a non-
existent or expired Security Association (SA) will be dropped.
7. Section 5 includes guidance on precisely the actions required for
an OSPFv3 router providing a backward compatible transition mode. an OSPFv3 router providing a backward compatible transition mode.
2. Proposed Solution 2. Proposed Solution
To perform non-IPsec Cryptographic Authentication, OSPFv3 routers To perform non-IPsec Cryptographic Authentication, OSPFv3 routers
append a special data block, henceforth referred to as the append a special data block, henceforth referred to as the
Authentication Trailer, to the end of the OSPFv3 packets. The length Authentication Trailer, to the end of the OSPFv3 packets. The length
of the Authentication Trailer is not included in the length of the of the Authentication Trailer is not included in the length of the
OSPFv3 packet but is included in the IPv6 payload length, as shown in OSPFv3 packet but is included in the IPv6 payload length, as shown in
Figure 1. Figure 1.
skipping to change at page 18, line 27 skipping to change at page 19, line 27
the AT. It is RECOMMENDED that OSPFv3 routers supporting this the AT. It is RECOMMENDED that OSPFv3 routers supporting this
specification fully support OSPFv3 Link-Local Signaling [RFC5613]. specification fully support OSPFv3 Link-Local Signaling [RFC5613].
If usage of the Authentication Trailer (AT), as specified herein, is If usage of the Authentication Trailer (AT), as specified herein, is
configured for an OSPFv3 link, OSPFv3 Hello and Database Description configured for an OSPFv3 link, OSPFv3 Hello and Database Description
packets with the AT-bit clear in the options will be dropped. All packets with the AT-bit clear in the options will be dropped. All
OSPFv3 packet types will be dropped if AT is configured for the link OSPFv3 packet types will be dropped if AT is configured for the link
and the IPv6 header length is less than the amount necessary to and the IPv6 header length is less than the amount necessary to
include an Authentication Trailer. include an Authentication Trailer.
Locate the receiving interface's OSPFv3 SA using the SA ID in the
received AT. If the SA is not found, or if the SA is not valid for
reception (i.e., current time < KeyStartAccept or current time >=
KeyStopAccept), the OSPFv3 packet is dropped.
If the cryptographic sequence number in the AT is less than or equal If the cryptographic sequence number in the AT is less than or equal
to the last sequence number in the last OSPFv3 packet of the same to the last sequence number in the last OSPFv3 packet of the same
OSPFv3 type successfully received from the neighbor, the OSPFv3 OSPFv3 type successfully received from the neighbor, the OSPFv3
packet MUST be dropped, and an error event SHOULD be logged. OSPFv3 packet MUST be dropped, and an error event SHOULD be logged. OSPFv3
packets of different types may arrive out of order if they are packets of different types may arrive out of order if they are
prioritized as recommended in [RFC4222]. prioritized as recommended in [RFC4222].
Authentication-algorithm-dependent processing needs to be performed, Authentication-algorithm-dependent processing needs to be performed,
using the algorithm specified by the appropriate OSPFv3 SA for the using the algorithm specified by the appropriate OSPFv3 SA for the
received packet. received packet.
skipping to change at page 25, line 33 skipping to change at page 26, line 33
use of a 64-bit strictly increasing sequence number. Also, thanks to use of a 64-bit strictly increasing sequence number. Also, thanks to
Sam for comments during IETF last call with respect to the OSPFv3 SA Sam for comments during IETF last call with respect to the OSPFv3 SA
and sharing of key between protocols. and sharing of key between protocols.
Thanks to Michael Barnes for numerous comments and strong input on Thanks to Michael Barnes for numerous comments and strong input on
the coverage of LLS by the Authentication Trailer (AT). the coverage of LLS by the Authentication Trailer (AT).
Thanks to Marek Karasek for providing the specifics with respect to Thanks to Marek Karasek for providing the specifics with respect to
backward compatible transition mode. backward compatible transition mode.
Thanks to Michael Dubrovskiy and Anton Smirnov for comments on draft
revisions.
Thanks to Rajesh Shetty for numerous comments, including the Thanks to Rajesh Shetty for numerous comments, including the
suggestion to include an Authentication Type field in the suggestion to include an Authentication Type field in the
Authentication Trailer for extendibility. Authentication Trailer for extendibility.
Thanks to Uma Chunduri for suggesting that we may want to protect the Thanks to Uma Chunduri for suggesting that we may want to protect the
IPv6 source address even though OSPFv3 uses the Router ID for IPv6 source address even though OSPFv3 uses the Router ID for
neighbor identification. neighbor identification.
Thanks to Srinivasan KL, Shraddha H, Alan Davey, Russ White, Stan Thanks to Srinivasan KL, Shraddha H, Alan Davey, Russ White, Stan
Ratliff, and Glen Kent for their support and review comments. Ratliff, and Glen Kent for their support and review comments.
 End of changes. 11 change blocks. 
29 lines changed or deleted 44 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/