OSPF Cryptographic Authentication

Document Type Expired Internet-Draft (ospf WG)
Authors Fred Baker  , Randall Atkinson 
Last updated 1995-03-17 (latest revision 1994-10-14)
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Growth in the Internet has made us aware of the need for improved authentication of routing information. OSPF provides two authentication mechanisms for use in an area: 'No Authentication' and 'Simple Password'. Both are vulnerable to passive attacks currently widespread in the Internet. Well-understood security issues exist in routing protocols [4]. Clear text passwords, currently specified for use with OSPF, are no longer considered sufficient [5]. If authentication is disabled, then only simple misconfigurations are detected. Simple passwords transmitted in the clear will further protect against the honest neighbor, but are useless in the general case. By simply capturing information on the wire - straightforward even in a remote environment - a hostile process can learn the password and overcome the network.


Fred Baker (fred.baker@cisco.com)
Randall Atkinson (rja@extremenetworks.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)