draft-ietf-ospf-rfc6506bis-01.txt   draft-ietf-ospf-rfc6506bis-02.txt 
OSPF Working Group M. Bhatia OSPF Working Group M. Bhatia
Internet-Draft Alcatel-Lucent Internet-Draft Alcatel-Lucent
Obsoletes: 6506 (if approved) V. Manral Obsoletes: 6506 (if approved) V. Manral
Intended status: Standards Track Hewlett Packard Intended status: Standards Track Hewlett Packard
Expires: April 11, 2014 A. Lindem Expires: May 16, 2014 A. Lindem
Ericsson Ericsson
October 8, 2013 November 12, 2013
Supporting Authentication Trailer for OSPFv3 Supporting Authentication Trailer for OSPFv3
draft-ietf-ospf-rfc6506bis-01.txt draft-ietf-ospf-rfc6506bis-02.txt
Abstract Abstract
Currently, OSPF for IPv6 (OSPFv3) uses IPsec as the only mechanism Currently, OSPF for IPv6 (OSPFv3) uses IPsec as the only mechanism
for authenticating protocol packets. This behavior is different from for authenticating protocol packets. This behavior is different from
authentication mechanisms present in other routing protocols (OSPFv2, authentication mechanisms present in other routing protocols (OSPFv2,
Intermediate System to Intermediate System (IS-IS), RIP, and Routing Intermediate System to Intermediate System (IS-IS), RIP, and Routing
Information Protocol Next Generation (RIPng)). In some environments, Information Protocol Next Generation (RIPng)). In some environments,
it has been found that IPsec is difficult to configure and maintain it has been found that IPsec is difficult to configure and maintain
and thus cannot be used. This document defines an alternative and thus cannot be used. This document defines an alternative
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 11, 2014. This Internet-Draft will expire on May 16, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 5 1.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 4
1.2. Summary of Changes from RFC 6506 . . . . . . . . . . . . . 5 1.2. Summary of Changes from RFC 6506 . . . . . . . . . . . . . 4
2. Proposed Solution . . . . . . . . . . . . . . . . . . . . . . 7 2. Proposed Solution . . . . . . . . . . . . . . . . . . . . . . 6
2.1. AT-Bit in Options Field . . . . . . . . . . . . . . . . . 7 2.1. AT-Bit in Options Field . . . . . . . . . . . . . . . . . 6
2.2. Basic Operation . . . . . . . . . . . . . . . . . . . . . 8 2.2. Basic Operation . . . . . . . . . . . . . . . . . . . . . 7
2.3. IPv6 Source Address Protection . . . . . . . . . . . . . . 8 2.3. IPv6 Source Address Protection . . . . . . . . . . . . . . 7
3. OSPFv3 Security Association . . . . . . . . . . . . . . . . . 10 3. OSPFv3 Security Association . . . . . . . . . . . . . . . . . 9
4. Authentication Procedure . . . . . . . . . . . . . . . . . . . 13 4. Authentication Procedure . . . . . . . . . . . . . . . . . . . 11
4.1. Authentication Trailer . . . . . . . . . . . . . . . . . . 13 4.1. Authentication Trailer . . . . . . . . . . . . . . . . . . 11
4.1.1. Sequence Number Wrap . . . . . . . . . . . . . . . . . 14 4.1.1. Sequence Number Wrap . . . . . . . . . . . . . . . . . 12
4.2. OSPFv3 Header Checksum and LLS Data Block Checksum . . . . 15 4.2. OSPFv3 Header Checksum and LLS Data Block Checksum . . . . 13
4.3. Cryptographic Authentication Procedure . . . . . . . . . . 15 4.3. Cryptographic Authentication Procedure . . . . . . . . . . 13
4.4. Cross-Protocol Attack Mitigation . . . . . . . . . . . . . 16 4.4. Cross-Protocol Attack Mitigation . . . . . . . . . . . . . 14
4.5. Cryptographic Aspects . . . . . . . . . . . . . . . . . . 16 4.5. Cryptographic Aspects . . . . . . . . . . . . . . . . . . 14
4.6. Message Verification . . . . . . . . . . . . . . . . . . . 18 4.6. Message Verification . . . . . . . . . . . . . . . . . . . 16
5. Migration and Backward Compatibility . . . . . . . . . . . . . 21 5. Migration and Backward Compatibility . . . . . . . . . . . . . 19
6. Security Considerations . . . . . . . . . . . . . . . . . . . 22 6. Security Considerations . . . . . . . . . . . . . . . . . . . 20
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 24 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 22
8.1. Normative References . . . . . . . . . . . . . . . . . . . 24 8.1. Normative References . . . . . . . . . . . . . . . . . . . 22
8.2. Informative References . . . . . . . . . . . . . . . . . . 24 8.2. Informative References . . . . . . . . . . . . . . . . . . 22
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 26 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 24
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 27 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 26
1. Introduction 1. Introduction
Unlike Open Shortest Path First version 2 (OSPFv2) [RFC2328], OSPF Unlike Open Shortest Path First version 2 (OSPFv2) [RFC2328], OSPF
for IPv6 (OSPFv3) [RFC5340] does not include the AuType and for IPv6 (OSPFv3) [RFC5340] does not include the AuType and
Authentication fields in its headers for authenticating protocol Authentication fields in its headers for authenticating protocol
packets. Instead, OSPFv3 relies on the IPsec protocols packets. Instead, OSPFv3 relies on the IPsec protocols
Authentication Header (AH) [RFC4302] and Encapsulating Security Authentication Header (AH) [RFC4302] and Encapsulating Security
Payload (ESP) [RFC4303] to provide integrity, authentication, and/or Payload (ESP) [RFC4303] to provide integrity, authentication, and/or
confidentiality. confidentiality.
skipping to change at page 5, line 28 skipping to change at page 4, line 28
1.2. Summary of Changes from RFC 6506 1.2. Summary of Changes from RFC 6506
This document includes the following changes from RFC 6506 [RFC6506]: This document includes the following changes from RFC 6506 [RFC6506]:
1. Sections 2.2 and 4.2 explicitly state that the Link-Local 1. Sections 2.2 and 4.2 explicitly state that the Link-Local
Signaling (LLS) block checksum calculation is omitted when an Signaling (LLS) block checksum calculation is omitted when an
OSPFv3 authentication trailer is used for OSPFv3 authentication. OSPFv3 authentication trailer is used for OSPFv3 authentication.
The LLS block is included in the authentication digest The LLS block is included in the authentication digest
calculation and computation of a checksum is unnecessary. calculation and computation of a checksum is unnecessary.
Clarification of this issue was documented in an errata. Clarification of this issue was documented in an erratum.
2. Section 3 previously advocated usage of an expired key for 2. Section 3 previously recommended usage of an expired key for
transmitted OSPFv3 packets when no valid keys existed. This transmitted OSPFv3 packets when no valid keys existed. This
statement has been removed. statement has been removed.
3. Section 4.5 includes a correction to the key preparation to use 3. Section 4.5 includes a correction to the key preparation to use
the protocol specific key (Ks) rather than the key (K) as the the protocol specific key (Ks) rather than the key (K) as the
initial key (Ko). This problem was also documented in an errata. initial key (Ko). This problem was also documented in an
erratum.
4. Section 4.5 also includes a discussion of the choice of key 4. Section 4.5 also includes a discussion of the choice of key
length to be the hash length (L) rather than the block size (B). length to be the hash length (L) rather than the block size (B).
The discussion of this choice was included to clarify an issue The discussion of this choice was included to clarify an issue
raised in a rejected errata. raised in a rejected erratum.
5. Section 4.1 and 4.6 indicate that sequence number checking is 5. Section 4.1 and 4.6 indicate that sequence number checking is
dependent on OSPFv3 packet type in order to account for packet dependent on OSPFv3 packet type in order to account for packet
prioritization as specified in [RFC4222]. This was an omission prioritization as specified in [RFC4222]. This was an omission
from RFC 6506 [RFC6506]. from RFC 6506 [RFC6506].
6. Section 4.6 explicitly states that OSPFv3 packets with a non- 6. Section 4.6 explicitly states that OSPFv3 packets with a non-
existent or expired Security Association (SA) will be dropped. existent or expired Security Association (SA) will be dropped.
7. Section 5 includes guidance on precisely the actions required for 7. Section 5 includes guidance on precisely the actions required for
skipping to change at page 11, line 49 skipping to change at page 10, line 49
KeyStopAccept. If KeyStartGenerate or KeyStartAccept are left KeyStopAccept. If KeyStartGenerate or KeyStartAccept are left
unspecified, the time will default to 0, and the key will be used unspecified, the time will default to 0, and the key will be used
immediately. If KeyStopGenerate or KeyStopAccept are left immediately. If KeyStopGenerate or KeyStopAccept are left
unspecified, the time will default to infinity, and the key's unspecified, the time will default to infinity, and the key's
lifetime will be infinite. When a new key replaces an old, the lifetime will be infinite. When a new key replaces an old, the
KeyStartGenerate time for the new key MUST be less than or equal to KeyStartGenerate time for the new key MUST be less than or equal to
the KeyStopGenerate time of the old key. the KeyStopGenerate time of the old key.
Key storage SHOULD persist across a system restart, warm or cold, to Key storage SHOULD persist across a system restart, warm or cold, to
avoid operational issues. In the event that the last key associated avoid operational issues. In the event that the last key associated
with an interface expires, it is unacceptable to revert to an with an interface expires, the network operator SHOULD be notified
unauthenticated condition and not advisable to disrupt routing. and the OSPFv3 packet MUST NOT be transmitted unauthenticated.
Therefore, the router SHOULD send a "last Authentication Key
expiration" notification to the network operator and treat the key as
having an infinite lifetime until the lifetime is extended, the key
is deleted by the network operator, or a new key is configured.
4. Authentication Procedure 4. Authentication Procedure
4.1. Authentication Trailer 4.1. Authentication Trailer
The Authentication Trailer that is appended to the OSPFv3 protocol The Authentication Trailer that is appended to the OSPFv3 protocol
packet is described below: packet is described below:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
skipping to change at page 22, line 12 skipping to change at page 20, line 12
not be authenticated. Additionally, the OSPFv3 header checksum not be authenticated. Additionally, the OSPFv3 header checksum
and LLS block checksum will be validated. and LLS block checksum will be validated.
6. Security Considerations 6. Security Considerations
The document proposes extensions to OSPFv3 that would make it more The document proposes extensions to OSPFv3 that would make it more
secure than [RFC5340]. It does not provide confidentiality as a secure than [RFC5340]. It does not provide confidentiality as a
routing protocol contains information that does not need to be kept routing protocol contains information that does not need to be kept
secret. It does, however, provide means to authenticate the sender secret. It does, however, provide means to authenticate the sender
of the packets that are of interest. It addresses all the security of the packets that are of interest. It addresses all the security
issues that have been identified in [RFC6039]. issues that have been identified in [RFC6039] and [RFC6506].
It should be noted that the authentication method described in this It should be noted that the authentication method described in this
document is not being used to authenticate the specific originator of document is not being used to authenticate the specific originator of
a packet but is rather being used to confirm that the packet has a packet but is rather being used to confirm that the packet has
indeed been issued by a router that has access to the Authentication indeed been issued by a router that has access to the Authentication
Key. Key.
Deployments SHOULD use sufficiently long and random values for the Deployments SHOULD use sufficiently long and random values for the
Authentication Key so that guessing and other cryptographic attacks Authentication Key so that guessing and other cryptographic attacks
on the key are not feasible in their environments. Furthermore, it on the key are not feasible in their environments. Furthermore, it
skipping to change at page 27, line 5 skipping to change at page 25, line 5
Thanks to Srinivasan KL, Shraddha H, Alan Davey, Russ White, Stan Thanks to Srinivasan KL, Shraddha H, Alan Davey, Russ White, Stan
Ratliff, and Glen Kent for their support and review comments. Ratliff, and Glen Kent for their support and review comments.
Thanks to Alia Atlas for comments made under the purview of the Thanks to Alia Atlas for comments made under the purview of the
Routing Directorate review. Routing Directorate review.
Thanks to Stephen Farrell for comments during the IESG review. Thanks to Stephen Farrell for comments during the IESG review.
Stephen was also involved in the discussion of cross-protocol Stephen was also involved in the discussion of cross-protocol
attacks. attacks.
Thanks to Brian Carpenter for comments made during Gen-ART review.
Authors' Addresses Authors' Addresses
Manav Bhatia Manav Bhatia
Alcatel-Lucent Alcatel-Lucent
Bangalore Bangalore
India India
Email: manav.bhatia@alcatel-lucent.com Email: manav.bhatia@alcatel-lucent.com
Vishwas Manral Vishwas Manral
 End of changes. 13 change blocks. 
51 lines changed or deleted 38 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/