Supporting Authentication Trailer for OSPFv3
draft-ietf-ospf-rfc6506bis-05
Document history
Date | Rev. | By | Action |
---|---|---|---|
2014-03-07 | 05 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2014-03-07 | 05 | Adrian Farrel | Shepherding AD changed to Alia Atlas |
2014-02-28 | 05 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2014-02-13 | 05 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2014-01-06 | 05 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2014-01-06 | 05 | (System) | IANA Action state changed to Waiting on RFC Editor from Waiting on Authors |
2014-01-03 | 05 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2014-01-03 | 05 | (System) | IANA Action state changed to In Progress |
2014-01-03 | 05 | Amy Vezza | State changed to RFC Ed Queue from Approved-announcement sent |
2014-01-03 | 05 | (System) | RFC Editor state changed to EDIT |
2014-01-03 | 05 | (System) | Announcement was received by RFC Editor |
2014-01-03 | 05 | Amy Vezza | State changed to Approved-announcement sent from Approved-announcement to be sent::AD Followup |
2014-01-03 | 05 | Amy Vezza | IESG has approved the document |
2014-01-03 | 05 | Amy Vezza | Closed "Approve" ballot |
2014-01-03 | 05 | Amy Vezza | Ballot approval text was generated |
2014-01-03 | 05 | Amy Vezza | Ballot writeup was changed |
2013-12-24 | 05 | Stewart Bryant | Ballot writeup was changed |
2013-12-13 | 05 | Acee Lindem | New version available: draft-ietf-ospf-rfc6506bis-05.txt |
2013-12-08 | 04 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2013-12-08 | 04 | Acee Lindem | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2013-12-08 | 04 | Acee Lindem | New version available: draft-ietf-ospf-rfc6506bis-04.txt |
2013-12-05 | 03 | Cindy Morgan | State changed to Approved-announcement to be sent::Revised I-D Needed from IESG Evaluation |
2013-12-05 | 03 | Tero Kivinen | Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Brian Weis. |
2013-12-05 | 03 | Gonzalo Camarillo | [Ballot Position Update] New position, No Objection, has been recorded for Gonzalo Camarillo |
2013-12-05 | 03 | Stephen Farrell | [Ballot comment] - intro: I'm not entirely sure but I don't buy that there's no way to distinguish plain and ciphertext in ESP as a justification for this. I'd say delete the point or justify it properly (which could be reference). There's suggested changes on this point from the secdir review as well, please consider those. - intro: do you really need all those hash functions? Why? That seems like a recipe for lack of interop for no security benefit. (Agility is a benefit, but there's no need to populate every option you can think of just for fun.) - intro: Why the "believed" there? And I don't think any RFC is "mathematically identical" to anything, not even itself! - 2.1: Does the AT bit really mean that an AT will be used for all packets on this link for all time? Won't that cause deployment problems if you ever need to deploy an "AT++" trailer signalled via a different bit in the header? Maybe you need to qualify the "all" some more? Similarly, if there's any load balancing done on the source end of a link, mightn't this rule cause problems when you initiate turning on AT and there's a delay between getting that into place between two load-balanced speakers? (That last might be nonsense, I've no idea how OSPF is deployed in anything like that manner, but some other systems are. The first point though I think is valid ignoring any load-balancing.) - section 3: is a 16 bit SA-ID enough? That allows guessing fairly trivially and if there's any real DoS or timing attack then an attacker could search that space very quickly. - section 3: I wondered why referring to the karp key table wouldn't have been a good idea here instead of a "key chain"? - 4.1: why is the 64-bit sequence number OSPFv3 packet type specific? That seems to uselessly call for more storage on the validator side. If there's a good reason, I don't get it. I also don't get why you're insisting on strict monotonic increase here but then say that packets can arrive out of order. Is something broken there in the text? - 4.2: An example would really help here. Omitted vs. set to zero is confusing, as stated. - 4.5: You're *still* copy and pasting the HMAC algorithm internals? How many times do you intend to do this before you consider it a bad plan? I think that's a bad idea and wish I'd DISCUSSed it out of you before;-) - Appendix A: I thought HMAC was invented by Hugo and not NIST. You might want to check the ack there. And thanks for thanking me before I'd even seen this draft! Are you perhaps copy and pasting too much here again? (Or, did you just assume I'd have some dumb comment to make for sure:-) |
2013-12-05 | 03 | Stephen Farrell | [Ballot Position Update] New position, No Objection, has been recorded for Stephen Farrell |
2013-12-04 | 03 | Richard Barnes | [Ballot Position Update] New position, No Objection, has been recorded for Richard Barnes |
2013-12-04 | 03 | Pete Resnick | [Ballot comment] [Sorry for the re-send. Forgot one bit.] Asking with no insight into the actual technology: The number of changes between 6506 and these seem pretty minimal to me. Is there a reason this is recycling at Proposed Standard and not being offered for Internet Standard? Do you expect that you still haven't gotten it quite right? 6506 is an Informative reference, not a Normative reference. |
2013-12-04 | 03 | Pete Resnick | Ballot comment text updated for Pete Resnick |
2013-12-04 | 03 | Pete Resnick | [Ballot comment] Asking with no insight into the actual technology: The number of changes between 6506 and these seem pretty minimal to me. Is there a reason this is recycling at Proposed Standard and not being offered for Internet Standard? Do you expect that you still haven't gotten it quite right? 6506 is an Informative reference, not a Normative reference. |
2013-12-04 | 03 | Pete Resnick | Ballot comment text updated for Pete Resnick |
2013-12-04 | 03 | Pete Resnick | [Ballot comment] Asking with no insight into the actual technology: The number of changes between 6506 and these seem pretty minimal to me. Is there a reason this is recycling at Proposed Standard and not being offered for Internet Standard? Do you expect that you still haven't gotten it quite right? |
2013-12-04 | 03 | Pete Resnick | [Ballot Position Update] New position, No Objection, has been recorded for Pete Resnick |
2013-12-04 | 03 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
2013-12-04 | 03 | Sean Turner | [Ballot comment] Is there any way that we can just point to the OSPFv2 AT RFC for the crypto aspects? It looks very similar just in a numbered list as opposed to separate sections. spt |
2013-12-04 | 03 | Sean Turner | [Ballot Position Update] New position, Yes, has been recorded for Sean Turner |
2013-12-03 | 03 | Joel Jaeggli | [Ballot Position Update] New position, Yes, has been recorded for Joel Jaeggli |
2013-12-03 | 03 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2013-12-02 | 03 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2013-12-02 | 03 | Brian Haberman | [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman |
2013-12-02 | 03 | Adrian Farrel | [Ballot comment] Thanks for this work and especially for the clear Section 1.2. There are just two minor Comments I'd like you to look at... --- Except for noting the fact that this document obsoletes 6506, the Abstract gives no clue that this document is not a new definition of the Authentication Trailer. I'd like something like: The OSPFv3 Authentication Trailer was originally defined in RFC 6506. This document obsoletes RFC 6506 by providing a revised definition including clarifications and refinements of the procedures. --- I want to be clear that it is not your intention (as it was not the intention in RFC 6506) that the procedures in this document will form part of OSPFv3. That is, in your opinion, a new implementation of OSPFv3 is free to ignore this document and not consider it an essential part of the protocol. If I have stated it correctly, there is nothing for you to do. If I have it wrong then some changes to the document are needed (at least "updates 5340"). |
2013-12-02 | 03 | Adrian Farrel | [Ballot Position Update] New position, Yes, has been recorded for Adrian Farrel |
2013-12-02 | 03 | Martin Stiemerling | [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling |
2013-11-30 | 03 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2013-11-29 | 03 | Brian Carpenter | Request for Telechat review by GENART Completed: Ready. Reviewer: Brian Carpenter. |
2013-11-28 | 03 | Gunter Van de Velde | Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Victor Kuarsingh. |
2013-11-27 | 03 | Jean Mahoney | Request for Telechat review by GENART is assigned to Brian Carpenter |
2013-11-27 | 03 | Jean Mahoney | Request for Telechat review by GENART is assigned to Brian Carpenter |
2013-11-26 | 03 | (System) | IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed |
2013-11-26 | 03 | Stewart Bryant | Placed on agenda for telechat - 2013-12-05 |
2013-11-26 | 03 | Stewart Bryant | Changed consensus to Yes from Unknown |
2013-11-26 | 03 | Stewart Bryant | State changed to IESG Evaluation from Waiting for Writeup |
2013-11-26 | 03 | Stewart Bryant | Ballot has been issued |
2013-11-26 | 03 | Stewart Bryant | [Ballot Position Update] New position, Yes, has been recorded for Stewart Bryant |
2013-11-26 | 03 | Stewart Bryant | Created "Approve" ballot |
2013-11-26 | 03 | Stewart Bryant | Ballot writeup was changed |
2013-11-26 | 03 | Acee Lindem | New version available: draft-ietf-ospf-rfc6506bis-03.txt |
2013-11-26 | 02 | (System) | State changed to Waiting for Writeup from In Last Call (ends 2013-11-26) |
2013-11-22 | 02 | Pearl Liang | IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-ospf-rfc6506bis-02. Authors should review the comments and/or questions below. Please report any inaccuracies and respond to any questions as soon as possible. We received the following comments/questions from the IANA's reviewer: IANA has questions about the IANA Considerations section of this document. IANA understands that, upon approval of this document, there are no IANA Actions that need completion. IANA requests that the IANA Considerations section of the document remain in place upon publication. IANA notes that the IANA Considerations section makes reference to the AT-bit (0x000400) in the "OSPFv3 Options (24 bits)" registry located at: http://www.iana.org/assignments/ospfv3-parameters/ this option was registered as part of the IANA actions for RFC 6506. Should the reference for this option be updated to [ RFC-to-be ]? Also, IANA notes that the IANA Considerations section makes reference to two registries that already exist and that are populated with the entries indicated in the text of the IANA Considerations section. These registries are: the "OSPFv3 Authentication Types" registry (http://www.iana.org/assignments/ospfv3-authentication-trailer-options) and, the "Authentication Cryptographic Protocol ID" registry (http://www.iana.org/assignments/authentication-cryptographic-protocol-id) Should these registries have their references updated to [ RFC-to-be ]? Or, Should these two registries be moved to the existing OSPFv3 Parameters registry located at http://www.iana.org/assignments/ospfv3-parameters? Also, we noticed that Open Shortest Path First v3 (OSPFv3) is part of the title of the "OSPFv3 Authentication Types" registry whereas OSPFv3 is not listed anywhere in the "Authentication Cryptographic Protocol ID" registry. Question: should OSPFv3 be included in the title of the "Authentication Cryptographic Protocol ID" registry? Please see: the IANA protocol matrix located at: http://www.iana.org/protocols In fact, it appears that the text in the IANA Considerations section in this bis document is a copy of the IC section of RFC 6506. Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed. |
2013-11-12 | 02 | Brian Carpenter | Request for Last Call review by GENART Completed: Ready with Issues. Reviewer: Brian Carpenter. |
2013-11-12 | 02 | Acee Lindem | New version available: draft-ietf-ospf-rfc6506bis-02.txt |
2013-11-11 | 01 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Victor Kuarsingh |
2013-11-11 | 01 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Victor Kuarsingh |
2013-10-31 | 01 | Jean Mahoney | Request for Last Call review by GENART is assigned to Brian Carpenter |
2013-10-31 | 01 | Jean Mahoney | Request for Last Call review by GENART is assigned to Brian Carpenter |
2013-10-31 | 01 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Brian Weis |
2013-10-31 | 01 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Brian Weis |
2013-10-29 | 01 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2013-10-29 | 01 | Amy Vezza | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Supporting Authentication Trailer for OSPFv3) to Proposed Standard The IESG has received a request from the Open Shortest Path First IGP WG (ospf) to consider the following document: - 'Supporting Authentication Trailer for OSPFv3' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2013-11-26. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract Currently, OSPF for IPv6 (OSPFv3) uses IPsec as the only mechanism for authenticating protocol packets. This behavior is different from authentication mechanisms present in other routing protocols (OSPFv2, Intermediate System to Intermediate System (IS-IS), RIP, and Routing Information Protocol Next Generation (RIPng)). In some environments, it has been found that IPsec is difficult to configure and maintain and thus cannot be used. This document defines an alternative mechanism to authenticate OSPFv3 protocol packets so that OSPFv3 does not only depend upon IPsec for authentication. This document obsoletes RFC 6506. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-ospf-rfc6506bis/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-ospf-rfc6506bis/ballot/ No IPR declarations have been submitted directly on this I-D. |
2013-10-29 | 01 | Amy Vezza | State changed to In Last Call from Last Call Requested |
2013-10-29 | 01 | Stewart Bryant | Last call was requested |
2013-10-29 | 01 | Stewart Bryant | Ballot approval text was generated |
2013-10-29 | 01 | Stewart Bryant | Ballot writeup was generated |
2013-10-29 | 01 | Stewart Bryant | State changed to Last Call Requested from Publication Requested |
2013-10-29 | 01 | Stewart Bryant | Last call announcement was changed |
2013-10-29 | 01 | Stewart Bryant | Last call announcement was generated |
2013-10-25 | 01 | Amy Vezza | IESG process started in state Publication Requested |
2013-10-25 | 01 | Amy Vezza | Working group state set to Submitted to IESG for Publication |
2013-10-25 | 01 | Amy Vezza | Intended Status changed to Proposed Standard from None |
2013-10-25 | 01 | Amy Vezza | Shepherding AD changed to Stewart Bryant |
2013-10-25 | 01 | Abhay Roy | Changed document writeup |
2013-10-25 | 01 | Abhay Roy | Document shepherd changed to Abhay Roy |
2013-10-08 | 01 | Acee Lindem | New version available: draft-ietf-ospf-rfc6506bis-01.txt |
2013-08-13 | 00 | Acee Lindem | New version available: draft-ietf-ospf-rfc6506bis-00.txt |