Re: [OSPF] FW: New Version Notification for draft-ietf-ospf-security-extension-manual-keying-09.txt

Tue, 07 Oct 2014 07:48:12 -0700 

Acee,

Looks good - thanks!

Alia

On Tue, Oct 7, 2014 at 9:56 AM, Acee Lindem (acee) <[email protected]> wrote:

> This version just addresses Alia¹s AD review comments. The draft is in
> IESG Last Call.
> Thanks,
> Acee
>
> On 10/7/14, 6:38 AM, "[email protected]" <[email protected]>
> wrote:
>
> >
> >A new version of I-D,
> >draft-ietf-ospf-security-extension-manual-keying-09.txt
> >has been successfully submitted by Manav Bhatia and posted to the
> >IETF repository.
> >
> >Name:          draft-ietf-ospf-security-extension-manual-keying
> >Revision:      09
> >Title:         Security Extension for OSPFv2 when using Manual Key
> Management
> >Document date: 2014-10-06
> >Group:         ospf
> >Pages:         13
> >URL:
> >
> http://www.ietf.org/internet-drafts/draft-ietf-ospf-security-extension-man
> >ual-keying-09.txt
> >Status:
> >
> https://datatracker.ietf.org/doc/draft-ietf-ospf-security-extension-manual
> >-keying/
> >Htmlized:
> >
> http://tools.ietf.org/html/draft-ietf-ospf-security-extension-manual-keyin
> >g-09
> >Diff:
> >
> http://www.ietf.org/rfcdiff?url2=draft-ietf-ospf-security-extension-manual
> >-keying-09
> >
> >Abstract:
> >   The current OSPFv2 cryptographic authentication mechanism as defined
> >   in RFC 2328 and RFC 5709 is vulnerable to both inter-session and
> >   intra-session replay attacks when using manual keying.  Additionally,
> >   the existing cryptographic authentication mechanism does not cover
> >   the IP header.  This omission can be exploited to carry out various
> >   types of attacks.
> >
> >   This draft proposes changes to the authentication sequence number
> >   mechanism that will protect OSPFv2 from both inter-session and intra-
> >   session replay attacks when using manual keys for securing OSPFv2
> >   protocol packets.  Additionally, we also describe some changes in the
> >   cryptographic hash computation that will eliminate attacks resulting
> >   from OSPFv2 not protecting the IP header.
> >
> >
> >
> >
> >
> >Please note that it may take a couple of minutes from the time of
> >submission
> >until the htmlized version and diff are available at tools.ietf.org.
> >
> >The IETF Secretariat
> >
>
> _______________________________________________
> OSPF mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ospf
>

_______________________________________________
OSPF mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ospf

Reply via email to