Deprecating MD5 for LDP
draft-nslag-ietf-deprecate-md5-00

Document Type Expired Internet-Draft (individual)
Last updated 2018-09-02 (latest revision 2018-03-01)
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-nslag-ietf-deprecate-md5-00.txt

Abstract

When the MPLS Label Distribution Protocol (LDP) was specified circa 1999, there were very strong requirements that LDP should use a cryptographic hash function to sign LDP protocol messages. MD5 was widely used at that time, and was the obvious choices. However, even when this decision was being taken there were concerns as to whether MD5 was a strong enough signing option. This discussion was briefly reflected in section 5.1 of RFC 5036 [RFC5036] (and also in RFC 3036 [RFC3036]). Over time it has been shown that MD5 can be compromised. Thus, there is a concern shared in the security community and the working groups responsible for the development of the LDP protocol that LDP is no longer adequately secured. This document deprecates MD5 as the signing method for LDP messages. The document also selects a future method to secure LDP messages - the choice is TCP-AO. In addition, we specify that the TBD cryptographic mechanism is to be the default TCP-AO security method.

Authors

Loa Andersson (loa@pi.nu)
Stewart Bryant (stewart.bryant@gmail.com)
Nicolai Leymann (n.leymann@telekom.de)
George Swallow (swallow.ietf@gmail.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)