Skip to main content

LDP Hello Cryptographic Authentication
draft-ietf-mpls-ldp-hello-crypto-auth-10

Revision differences

Document history

Date Rev. By Action
2014-08-08
10 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2014-08-06
10 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2014-07-29
10 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2014-06-27
10 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2014-06-26
10 (System) IANA Action state changed to Waiting on RFC Editor from Waiting on Authors
2014-06-26
10 (System) IANA Action state changed to Waiting on Authors from In Progress
2014-06-24
10 Amy Vezza IESG state changed to RFC Ed Queue from Approved-announcement sent
2014-06-23
10 (System) RFC Editor state changed to EDIT
2014-06-23
10 (System) Announcement was received by RFC Editor
2014-06-23
10 (System) IANA Action state changed to In Progress
2014-06-23
10 Amy Vezza IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2014-06-23
10 Amy Vezza IESG has approved the document
2014-06-23
10 Amy Vezza Closed "Approve" ballot
2014-06-21
10 Adrian Farrel Ballot approval text was generated
2014-06-21
10 Adrian Farrel Ballot writeup was changed
2014-06-21
10 Adrian Farrel IESG state changed to Approved-announcement to be sent from IESG Evaluation::AD Followup
2014-06-19
10 Alia Atlas [Ballot comment]
Thanks for handling my concerns so quickly.
2014-06-19
10 Alia Atlas [Ballot Position Update] Position for Alia Atlas has been changed to Yes from Discuss
2014-06-19
10 Ted Lemon
[Ballot comment]
Thanks for addressing my DISCUSS point (included below FTR):

Adrian raised this as a nit, but it's really a DISCUSS: a conforming implementation …
[Ballot comment]
Thanks for addressing my DISCUSS point (included below FTR):

Adrian raised this as a nit, but it's really a DISCUSS: a conforming implementation of this specification could perfectly well accept an unauthenticated hello after it's accepted an authenticated hello, because there's no requirements language forbidding this behavior. One would hope that implementors would be smart and not do this, but given that this is a standard, it SHOULD be mentioned explicitly.  :)
2014-06-19
10 Ted Lemon [Ballot Position Update] Position for Ted Lemon has been changed to No Objection from Discuss
2014-06-19
10 Lianshu Zheng New version available: draft-ietf-mpls-ldp-hello-crypto-auth-10.txt
2014-06-18
09 (System) Sub state has been changed to AD Followup from Revised ID Needed
2014-06-18
09 Lianshu Zheng IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2014-06-18
09 Lianshu Zheng New version available: draft-ietf-mpls-ldp-hello-crypto-auth-09.txt
2014-06-12
08 Cindy Morgan IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation
2014-06-12
08 Joel Jaeggli [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli
2014-06-11
08 Richard Barnes
[Ballot comment]
I agree with Ted's DISCUSS in spirit, even if I disagree with it as stated.  What needs to be clear here is that …
[Ballot comment]
I agree with Ted's DISCUSS in spirit, even if I disagree with it as stated.  What needs to be clear here is that the LSR receiving Hello messages needs to have a policy for each neighbor as to whether it requires authentication or does not.  If it is configured to require authentication, it MUST NOT accept unauthenticated Hello messages.  (Ted's message implies that this policy should be configured based on receipt of authenticated messages, which is a terrible idea.)
2014-06-11
08 Richard Barnes [Ballot Position Update] New position, No Objection, has been recorded for Richard Barnes
2014-06-11
08 Pete Resnick [Ballot Position Update] New position, No Objection, has been recorded for Pete Resnick
2014-06-11
08 Amanda Baber IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2014-06-11
08 Alia Atlas [Ballot comment]
I also support Ted's concerns about when an unauthenticated hello packet should be accepted (see email thread).
2014-06-11
08 Alia Atlas Ballot comment text updated for Alia Atlas
2014-06-11
08 Ted Lemon
[Ballot discuss]
Adrian raised this as a nit, but it's really a DISCUSS: a conforming implementation of this specification could perfectly well accept an unauthenticated …
[Ballot discuss]
Adrian raised this as a nit, but it's really a DISCUSS: a conforming implementation of this specification could perfectly well accept an unauthenticated hello after it's accepted an authenticated hello, because there's no requirements language forbidding this behavior. One would hope that implementors would be smart and not do this, but given that this is a standard, it SHOULD be mentioned explicitly.  :)
2014-06-11
08 Ted Lemon Ballot discuss text updated for Ted Lemon
2014-06-11
08 Ted Lemon
[Ballot discuss]
Adrian raised this as a nit, but it's really a DISCUSS: a conforming implementation of this specification could perfectly well accept an unauthenticated …
[Ballot discuss]
Adrian raised this as a nit, but it's really a DISCUSS: a conforming implementation of this specification could perfectly well accept an unauthenticated hello after it's accepted an authenticed hello, because there's no requirements language forbidding this behavior.  One would hope that implementors would be smart and not do this, but given that this is a standard, it SHOULD be mentioned explicitly.  :)
2014-06-11
08 Ted Lemon [Ballot Position Update] New position, Discuss, has been recorded for Ted Lemon
2014-06-11
08 Gunter Van de Velde Request for Telechat review by OPSDIR Completed: Ready. Reviewer: Linda Dunbar.
2014-06-11
08 Gunter Van de Velde Request for Telechat review by OPSDIR is assigned to Linda Dunbar
2014-06-11
08 Gunter Van de Velde Request for Telechat review by OPSDIR is assigned to Linda Dunbar
2014-06-11
08 Gunter Van de Velde Closed request for Last Call review by OPSDIR with state 'Withdrawn'
2014-06-10
08 Benoît Claise [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise
2014-06-10
08 Alia Atlas
[Ballot discuss]
I have two simple technical concerns.

1) Hello messages are sent out per interface with the transport address specified either
implicitly or explicitly.  …
[Ballot discuss]
I have two simple technical concerns.

1) Hello messages are sent out per interface with the transport address specified either
implicitly or explicitly.  Different transport addresses can be used for different label spaces
or to create different sessions.  Can the draft clearly specify that the Cryptographic Sequence
Number is a single space per LSR regardless of the used transport address?

2) Given that an LDP session is frequently identified by the transport address, I'm not sure that a
receiver can reliably tell "the same neighbor" if that neighbor is using different transport addresses
(possibly as the source address as well as via the TLV).

The draft specifies:  " If the cryptographic sequence number in the LDP packet is less than
      or equal to the last sequence number received from the same neighbor,
      the LDP message MUST be discarded, and an error event SHOULD be
      logged."

Can you please clarify that "same neighbor" means "same source IP address", if that is the intent?
2014-06-10
08 Alia Atlas [Ballot Position Update] New position, Discuss, has been recorded for Alia Atlas
2014-06-10
08 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko
2014-06-09
08 Spencer Dawkins
[Ballot comment]
I'm also curious about Brian's "Is it worth mentioning why DTLS is not sufficient for this UDP-based protocol?" comment, but whatever you decide …
[Ballot comment]
I'm also curious about Brian's "Is it worth mentioning why DTLS is not sufficient for this UDP-based protocol?" comment, but whatever you decide in conversations with him will be fine with me.
2014-06-09
08 Spencer Dawkins [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins
2014-06-09
08 Alissa Cooper
[Ballot comment]
Section 1:
"Of the above, implementations MUST include
  support for at least HMAC-SHA-256 and SHOULD include support for
  HMAC-SHA-1 and MAY …
[Ballot comment]
Section 1:
"Of the above, implementations MUST include
  support for at least HMAC-SHA-256 and SHOULD include support for
  HMAC-SHA-1 and MAY include support for either of HMAC-SHA-384 or
  HMAC-SHA-512."

This makes it sound as if HMAC-SHA-384 and HMAC-SHA-512 support are mutually exclusive. I think the phrasing in Section 3 is better and should be repeated here (or, in any event, the two sections should say the same thing):

"Of the above, implementations of this specification MUST include
  support for at least HMAC-SHA-256 and SHOULD include support for
  HMAC-SHA-1 and MAY also include support for HMAC-SHA-384 and HMAC-
  SHA-512."

Section 2.2:
"This is a 32-bit unsigned integer used to uniquely identify an LDP
      SA between two LDP peers, as manually configured by the network
      operator (or, in the future, possibly by some key management
      protocol specified by the IETF)."

It would help to clarify whether you mean (1) a key management protocol that does not already exist may be defined in the future and used for this purpose, or (2) in the future SA IDs may be configured using a key management protocol that already exists.

"In order to achieve smooth key transition, KeyStartAccept SHOULD be
  less than KeyStartGenerate and KeyStopGenerate SHOULD be less than
  KeyStopAccept."

What are the conditions under which these SHOULDs might be violated?
2014-06-09
08 Alissa Cooper [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper
2014-06-09
08 Kathleen Moriarty [Ballot comment]
Thank you for addressing the SecDir review.  I support Stephen's comments and will watch the responses.  I don't have anything else to add.
2014-06-09
08 Kathleen Moriarty [Ballot Position Update] New position, No Objection, has been recorded for Kathleen Moriarty
2014-06-09
08 Stephen Farrell
[Ballot comment]

Many thanks to the authors/chairs and the secdir reviewer
(Yaron Sheffer) for working hard to significantly improve
this document (from the security weeny …
[Ballot comment]

Many thanks to the authors/chairs and the secdir reviewer
(Yaron Sheffer) for working hard to significantly improve
this document (from the security weeny point of view:-)

abstract: this is really defining a way to use HMAC (with
SHA) and not just SHA, it'd be better to put it that way in
the abstract.

intro says: "The LSRs could be configured to only accept
Hello messages from specific peers when authentication is in
use." Isn't "could" a little understated there? Presumably
you would only ever use this if you have some list of
(keys/identifiers) and you don't want messages from outside
that set to affect that set of LDPs? I'm not suggesting you
add a MUST (unless you want to) but more that you say that
this mechanism only makes sense if you are in fact
configured to "only accept..."

2.2: The last para here calls for extending the lifetime of
the "last" key indefinitely. That's probably justifiable for
operational reasons, but would be considered "odd" for
crypto devs perhaps. And there could be issues with using a
key a really really large number of times even for HMAC, I'd
have to go ask someone (that kind of formula is not in my
brain-buffer:-) and its probably mainly theoretical here but
a crypto API just might insist on that in some cases causing
an interesting failure case. Anyway, I think it might be
worth making this last para a subsection of its own so its
more likely to be noticed by developers.  And you might want
to consider what happens if a crypto API insists that the
application can no longer use that key because its been used
too many times.

section 5: I think that the AuthTag having the source IP
address as input is what prevents reflection attacks.  Is
that correct? If so, then I think that would be worth
calling out specifically either here or in the security
considerations. (And whenever we get to the point of running
LDP via NATs, then this AuthTag will need to change, but
that, I assume, is ok for now.)

6.1: Why the last sentence?

section 7: not asking for this to go into the doc (unless
you want) but I'd be interested in knowing if there are any
interesting residual threats related to the fact that we're
not providing confidentiality here. Its ok if you don't want
to answer this bit btw, I'm just curious.
2014-06-09
08 Stephen Farrell [Ballot Position Update] New position, Yes, has been recorded for Stephen Farrell
2014-06-09
08 Brian Haberman
[Ballot comment]
The definition of the Length field in section 2.3 is nebulous.  Does it include the 96 bits of fixed-length fields or just the …
[Ballot comment]
The definition of the Length field in section 2.3 is nebulous.  Does it include the 96 bits of fixed-length fields or just the variable length Authentication Data.  It is unclear since the definition says it is the length of the "value field".

Is it worth mentioning why DTLS is not sufficient for this UDP-based protocol?
2014-06-09
08 Brian Haberman [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman
2014-06-07
08 Martin Stiemerling [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling
2014-06-05
08 Jean Mahoney Request for Telechat review by GENART is assigned to Vijay Gurbani
2014-06-05
08 Jean Mahoney Request for Telechat review by GENART is assigned to Vijay Gurbani
2014-06-04
08 Adrian Farrel
[Ballot comment]
IANA's questions have been addressed through several revisions and clarifications. This document is ready to progress.

---

Please fix the nit raised by …
[Ballot comment]
IANA's questions have been addressed through several revisions and clarifications. This document is ready to progress.

---

Please fix the nit raised by Joel Halpern in his Rtg Dir review...

The one nit is that I could not find the text indicating that if a
receiver receives an unauthenticated LDP Hello packet, and is expecting
authentication to be used (either always, or with the source the packet
claims to be from) then the hello packet should be silently discarded.
2014-06-04
08 Adrian Farrel Ballot comment text updated for Adrian Farrel
2014-06-03
08 Adrian Farrel [Ballot comment]
IANA's questions have been addressed through several revisions and clarifications. This document is ready to progress.
2014-06-03
08 Adrian Farrel [Ballot Position Update] Position for Adrian Farrel has been changed to Yes from Discuss
2014-06-02
08 Lianshu Zheng New version available: draft-ietf-mpls-ldp-hello-crypto-auth-08.txt
2014-05-29
07 Lianshu Zheng IANA Review state changed to Version Changed - Review Needed from IANA - Not OK
2014-05-29
07 Lianshu Zheng New version available: draft-ietf-mpls-ldp-hello-crypto-auth-07.txt
2014-05-28
06 Adrian Farrel [Ballot discuss]
Holding a Discuss for the resolution of IANA's questions
2014-05-28
06 Adrian Farrel [Ballot Position Update] Position for Adrian Farrel has been changed to Discuss from Yes
2014-05-28
06 (System) IANA Review state changed to IANA - Not OK from Version Changed - Review Needed
2014-05-28
06 Barry Leiba [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba
2014-05-28
06 Adrian Farrel Ballot has been issued
2014-05-28
06 Adrian Farrel [Ballot Position Update] New position, Yes, has been recorded for Adrian Farrel
2014-05-28
06 Adrian Farrel Created "Approve" ballot
2014-05-28
06 Adrian Farrel Placed on agenda for telechat - 2014-06-12
2014-05-28
06 Adrian Farrel IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead::AD Followup
2014-05-28
06 Adrian Farrel Ballot writeup was changed
2014-05-28
06 Adrian Farrel Changed consensus to Yes from Unknown
2014-05-28
06 Adrian Farrel Ballot writeup was changed
2014-05-25
06 (System) Sub state has been changed to AD Followup from Revised ID Needed
2014-05-25
06 Manav Bhatia IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2014-05-25
06 Manav Bhatia New version available: draft-ietf-mpls-ldp-hello-crypto-auth-06.txt
2014-05-22
05 Tero Kivinen Request for Last Call review by SECDIR Completed: Has Issues. Reviewer: Yaron Sheffer.
2014-05-22
05 Adrian Farrel Security Directorate review leads to a plan for a revision.
2014-05-22
05 Adrian Farrel IESG state changed to Waiting for AD Go-Ahead::Revised I-D Needed from Waiting for Writeup
2014-05-21
05 (System) IESG state changed to Waiting for Writeup from In Last Call
2014-05-18
05 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Linda Dunbar
2014-05-18
05 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Linda Dunbar
2014-05-12
05 (System) IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed
2014-05-12
05 Amanda Baber
IESG/Authors/WG Chairs:

IANA has reviewed draft-ietf-mpls-ldp-hello-crypto-auth-05.  Authors should review the comments and/or questions below.  Please report any inaccuracies and respond to any questions as soon …
IESG/Authors/WG Chairs:

IANA has reviewed draft-ietf-mpls-ldp-hello-crypto-auth-05.  Authors should review the comments and/or questions below.  Please report any inaccuracies and respond to any questions as soon as possible.

IANA's reviewer has the following comments/questions:

IANA understands that, upon approval of this document, there are two actions which IANA must complete.

In the TLV subregistry of the Multi-Protocol Label Switching (MPLS) Label Switched Paths (LSPs) Ping Parameters registry located at:

http://www.iana.org/assignments/mpls-lsp-ping-parameters/

a new TLV is to be registered as follows:

Type: [ TBD-at-registration ]
TLV Name: Cryptographic Authentication TLV
Reference: [ RFC-to-be ]
Sub-TLV Registry: No Sub-TLVs

Second, in the Cryptographic Protocol ID subregistry of the Authentication Cryptographic Protocol ID registry located at:

http://www.iana.org/assignments/authentication-cryptographic-protocol-id/

a new ID is to be registered at follows:

Value: [ TBD-at-registration ]
Description: LDP Cryptographic Protocol
Reference: [ RFC-to-be ]

IANA understands that these are the only actions required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed.
2014-05-09
05 Vijay Gurbani Request for Last Call review by GENART Completed: Ready. Reviewer: Vijay Gurbani.
2014-05-08
05 Jean Mahoney Request for Last Call review by GENART is assigned to Vijay Gurbani
2014-05-08
05 Jean Mahoney Request for Last Call review by GENART is assigned to Vijay Gurbani
2014-05-08
05 Tero Kivinen Request for Last Call review by SECDIR is assigned to Yaron Sheffer
2014-05-08
05 Tero Kivinen Request for Last Call review by SECDIR is assigned to Yaron Sheffer
2014-05-07
05 Amy Vezza IANA Review state changed to IANA - Review Needed
2014-05-07
05 Amy Vezza
The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (LDP Hello Cryptographic Authentication) to …
The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (LDP Hello Cryptographic Authentication) to Proposed Standard


The IESG has received a request from the Multiprotocol Label Switching WG
(mpls) to consider the following document:
- 'LDP Hello Cryptographic Authentication'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2014-05-21. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract

  This document introduces a new optional Cryptographic Authentication
  TLV that LDP can use to secure its Hello messages.  It secures the
  Hello messages against spoofing attacks and some well known attacks
  against the IP header.  This document describes a mechanism to secure
  the LDP Hello messages using National Institute of Standards and
  Technology (NIST) Secure Hash Standard family of algorithms.

The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-mpls-ldp-hello-crypto-auth/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-mpls-ldp-hello-crypto-auth/ballot/


No IPR declarations have been submitted directly on this I-D.
2014-05-07
05 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2014-05-07
05 Adrian Farrel Last call was requested
2014-05-07
05 Adrian Farrel Ballot approval text was generated
2014-05-07
05 Adrian Farrel Ballot writeup was generated
2014-05-07
05 Adrian Farrel IESG state changed to Last Call Requested from AD Evaluation::AD Followup
2014-05-07
05 Adrian Farrel Last call announcement was changed
2014-05-07
05 Adrian Farrel Last call announcement was generated
2014-05-06
05 (System) Sub state has been changed to AD Followup from Revised ID Needed
2014-05-06
05 Lianshu Zheng New version available: draft-ietf-mpls-ldp-hello-crypto-auth-05.txt
2014-04-13
04 Adrian Farrel
Hi authors,

Thanks for progressing with this document. It is good to see security being taken seriously by the WG.

I have done my usual …
Hi authors,

Thanks for progressing with this document. It is good to see security being taken seriously by the WG.

I have done my usual AD review after receiving the publication request. This has led me to a small number of issues and questions, below.

It would be nice to see these addressed, but I am open to discussion including the authors and WG saying that I am wrong or that the additions are out of scope.

Thanks for your work,
Adrian

===

I think that the threat analysis is a bit thin. As with all interior routing protocols, there seem to be two possibilities. The first is that a bad LDP message is admitted (directly or through a tunnel) into the network. The second is that there is a bad actor in the network. It would help if the document was a little clearer about which attacks it is defending against and why normal protection at the edge of the network is not considered enough for the former, and why a bad actor within the network would waste its time attacking LDP when there is so much else it can do!

---

IANA stuff...

Section 2.1 should use "TBD1" and Section 2..3 and 8 should be similarly
updated to identify the new Cryptographic Authentication TLV.

The back reference in section 8 should presumably say "2.3" not "3.2".

---

Section 2.1 has

  The Cryptographic Authentication TLV Encoding is described in section
  2.2.

I think this should read 2.3.

---

Section 2.2.

  o  Security Association Identifier (SA ID)

      This is a 32-bit unsigned integer used to uniquely identify an LDP
      SA, as manually configured by the network operator.

"Unique" in what scope? Presumably "globally unique" is not needed.

I am also concerned by the requirement for manual configuration because
that is open to error and attack. Each LDP speaker will have an SA with
each of its peers and each peer must have the same SA ID for
communication to work. If you are going to go to this extent, it seems
like you don't actually need Hellos to do discovery and you will only
use them for "keepalive" in which case, it might be better to replace
that second aspect of the Hello with something like a KeepAlive message!

It is perhaps ironic that part of the reasoning you apply against access
lists is the resources they take up on each LSR, yet you are requesting
that each peer that is allowed to communicate has an SA configured which
seems to me to be more resources than a simple access list.

Is there no way to generate the AD ID value from other known information
or the LDP session?

Perhaps this concern is best addressed by writing a Management
Considerations section to describe:
- what needs to be configurable in an implementation
- what needs to be configured per SA
- what needs to be made available for inspection
- what logging takes place

---

There is a small alignment error in the figure in Section 2.3

---

Section 4 is a little odd. The implication of the wording is that this
document sets requirements on all implementations of all other protocols
that use cryptographic authentication.

I would suggest deleting the whole section and updating Section 5 as
follows...

OLD
  Ks is a Protocol Specific Authentication Key obtained by appending
  Authentication Key (K) with the two-octet LDP Cryptographic Protocol
  ID appended.
NEW
  Ks is a Protocol Specific Authentication Key obtained by appending
  Authentication Key (K) with the two-octet LDP Cryptographic Protocol
  ID TBD2 (to be defined by IANA) from the "Authentication
  Cryptographic Protocol ID" registry.  Ks is used to mitigate cross-
  protocol attacks when multiple protocols share a common key.
END

---

Section 6.2

  if the locally computed Hash is not equal to the received value of
  the Authentication Data field, the received packet MUST be discarded,
  and an error event SHOULD be logged.

It is customary to give some warning about rate limiting logging because
logging usually takes more resources than receiving packets, so if you
are subject to a storm of bad Hellos you could die trying to log them.
2014-04-13
04 Adrian Farrel IESG state changed to AD Evaluation::Revised I-D Needed from AD Evaluation
2014-04-11
04 Adrian Farrel IESG state changed to AD Evaluation from Publication Requested
2014-04-08
04 Loa Andersson
As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up.

Changes are expected over time. This version is dated …
As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up.

Changes are expected over time. This version is dated 24 February 2012.

          The MPLS working group requests that

              LDP Hello Cryptographic Authentication
              draft-ietf-mpls-ldp-hello-crypto-auth-04.txt

          Is published as a RFC on the Standards Track.

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

        The document should be published as a Proposed Standard, the document
        header says "Standards Track"

        This document need to be on the standards track since it specifies
        protocol, procedures and mechanisms, a TLV and ab ID to go with the
        TLV for LDP which is a standard track protocol.

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

            This document introduces a new optional Cryptographic Authentication
            TLV that LDP can use to secure its Hello messages.  It secures the
            Hello messages against spoofing attacks and some well known attacks
            against the IP header.  This document describes a mechanism to secure
            the LDP Hello messages using National Institute of Standards and
            Technology (NIST) Secure Hash Standard family of algorithms.

  Relevant content can frequently be found in the abstract
  and/or introduction of the document. If not, this may be
  an indication that there are deficiencies in the abstract
  or introduction.

Working Group Summary

  Was there anything in WG process that is worth noting? For
  example, was there controversy about particular points or
  were there decisions where the consensus was particularly
  rough?

          Taking a mostly security document through a working group like MPLS
          is a bit tricky. Most of the participants do not have there focus on
          security issues. While a large majority agree that the security work has
          a huge value, it is often not highest on the priority list for the avarage
          MPLS participant.
          Securing routing protocols, like LDP, started with a analysis done by
          the KARP working group. KARP pointed to the UDP based Hello
          messages as a potential risk.
          The current draft has been developed by the MPLS working group and
          reviewed by KARP during wglc. The comments from people active in
          KARP hs been very valuable.

Document Quality

  Are there existing implementations of the protocol? Have a
  significant number of vendors indicated their plan to
  implement the specification? Are there any reviewers that
  merit special mention as having done a thorough review,
  e.g., one that resulted in important changes or a
  conclusion that the document had no substantive issues? If
  there was a MIB Doctor, Media Type or other expert review,
  what was its course (briefly)? In the case of a Media Type
  review, on what date was the request posted?

          Currently we do not know of existing implementations of this draft,
          but a mail has been sent to the mpls and karp mailing list requesting
          information. The write-up will be updated as soon as new information
          is received.

Personnel

  Who is the Document Shepherd? Who is the Responsible Area
  Director?

        Adrian Farrel is the Responsible AD
        Loa Andersson is the Document Shepherd.

(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

          The document reviewed the document before starting the poll t
          if there were consensus to make it a wg document.

        A second time while preparing the working group last call, this
        also includes a review of the updates made as a result of the wglc.

        The third time while preparing the Shepherd Write-up.

        In addition the document was through an early RTG Area Directorate
        review on the Shepherd's request.

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed? 

        It has been a bit hard for the shepherd to follow the comments that
        came out of the review by participants of the KARP working group, but
        seeing the resolution of the comments made it much easier to follow.
        The review in the MPLS working group have been quite good, and the
        draft was reviewed by the RTG Area Directorate in parallel to the wglc.

(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

          No such reviews other than the security reviews done by participants
          in the KARP working group.

(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.

          No such concerns.

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

        All the authors have stated on the working group mailing list that they
        are unaware of any IPR related to this document.

(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

          No IPR disclosures against this document.

(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it?

          As discussed earlier the security issues, though recognized as
          important, are not at the working group focus. However the discussion
          around resolution of the of the wglc comments has been constructive.         

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summaries the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

        No such threats.

(11) Identify any ID nits the Document Shepherd has found in this
document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.

          The document passes the nits-tool, with the exeception of:

          "  -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS-180-3'
              -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS-198' "

        This were discussed when the document was accepted as a working
        group document. The "FIPS" references are not considered to be
        down references.


(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

        No such formal reviews necessary.

(13) Have all references within this document been identified as
either normative or informative?

          Yes - all the references have correctly been identified as normative or
            informative.

(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

          All the references, including the informative, are to existing RFCs or
          FIPS-references.

(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.

          No normative references.

(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.

        The publication of this document will not change the status of
        any other document.


(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).

          The document requests allocation of a "Cryptographic Authentication TLV"
          and a "LDP Cryptographic Protocol ID".

          The IANA section is well and clearly written.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

        No new registries that requires expert review.

(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

          No such reviews necessary.
2014-04-08
04 Loa Andersson State Change Notice email list changed to mpls-chairs@tools.ietf.org, draft-ietf-mpls-ldp-hello-crypto-auth@tools.ietf.org
2014-04-08
04 Loa Andersson Responsible AD changed to Adrian Farrel
2014-04-08
04 Loa Andersson IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2014-04-08
04 Loa Andersson IESG state changed to Publication Requested
2014-04-08
04 Loa Andersson IESG process started in state Publication Requested
2014-04-08
04 Loa Andersson Changed document writeup
2014-04-08
04 Loa Andersson Intended Status changed to Proposed Standard from None
2014-04-04
04 Loa Andersson Changed document writeup
2014-04-03
04 Loa Andersson Changed document writeup
2014-04-03
04 Loa Andersson Changed document writeup
2014-04-03
04 Loa Andersson Tag Revised I-D Needed - Issue raised by WGLC cleared.
2014-04-03
04 Loa Andersson IETF WG state changed to WG Consensus: Waiting for Write-Up from Waiting for WG Chair Go-Ahead
2014-03-31
04 Loa Andersson Changed document writeup
2014-03-29
04 Manav Bhatia New version available: draft-ietf-mpls-ldp-hello-crypto-auth-04.txt
2014-03-19
03 Manav Bhatia New version available: draft-ietf-mpls-ldp-hello-crypto-auth-03.txt
2013-09-23
02 Loa Andersson IETF WG state changed to Waiting for WG Chair Go-Ahead from In WG Last Call
2013-09-23
02 Loa Andersson Annotation tag Revised I-D Needed - Issue raised by WGLC set.
2013-09-07
02 Loa Andersson Document shepherd changed to Loa Andersson
2013-09-07
02 Loa Andersson Document shepherd changed to Loa Andersson
2013-09-05
02 Loa Andersson IETF WG state changed to In WG Last Call from WG Document
2013-08-28
02 Manav Bhatia New version available: draft-ietf-mpls-ldp-hello-crypto-auth-02.txt
2013-01-21
01 Mach Chen New version available: draft-ietf-mpls-ldp-hello-crypto-auth-01.txt
2012-08-01
00 Lianshu Zheng New version available: draft-ietf-mpls-ldp-hello-crypto-auth-00.txt