Authentication and Confidentiality in Protocol Independent Multicast Sparse Mode (PIM-SM) Link-Local Messages
draft-ietf-pim-sm-linklocal-10
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
10 | (System) | post-migration administrative database adjustment to the No Objection position for Jari Arkko |
2012-08-22
|
10 | (System) | post-migration administrative database adjustment to the No Objection position for Tim Polk |
2010-03-02
|
10 | Cindy Morgan | State Change Notice email list have been change to pim-chairs@tools.ietf.org, draft-ietf-pim-sm-linklocal@tools.ietf.org, rfc-ise@rfc-editor.org from pim-chairs@tools.ietf.org, draft-ietf-pim-sm-linklocal@tools.ietf.org |
2009-12-22
|
10 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
2009-12-22
|
10 | (System) | IANA Action state changed to No IC from In Progress |
2009-12-22
|
10 | (System) | IANA Action state changed to In Progress |
2009-12-22
|
10 | Amy Vezza | IESG state changed to Approved-announcement sent |
2009-12-22
|
10 | Amy Vezza | IESG has approved the document |
2009-12-22
|
10 | Amy Vezza | Closed "Approve" ballot |
2009-12-22
|
10 | Amy Vezza | State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Amy Vezza |
2009-12-16
|
10 | Jari Arkko | [Ballot Position Update] Position for Jari Arkko has been changed to No Objection from Discuss by Jari Arkko |
2009-12-16
|
10 | Tim Polk | [Ballot Position Update] Position for Tim Polk has been changed to No Objection from Undefined by Tim Polk |
2009-12-16
|
10 | Tim Polk | [Ballot Position Update] Position for Tim Polk has been changed to Undefined from Discuss by Tim Polk |
2009-12-16
|
10 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2009-12-16
|
10 | (System) | New version available: draft-ietf-pim-sm-linklocal-10.txt |
2009-12-04
|
10 | (System) | Removed from agenda for telechat - 2009-12-03 |
2009-12-03
|
10 | Samuel Weiler | Request for Last Call review by SECDIR Completed. Reviewer: Brian Weis. |
2009-12-03
|
10 | Cindy Morgan | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Cindy Morgan |
2009-12-03
|
10 | Tim Polk | [Ballot discuss] Given the known limitations of manual keying, and the limitations of current automated keying methods for routing protocols, I am comfortable with manual … [Ballot discuss] Given the known limitations of manual keying, and the limitations of current automated keying methods for routing protocols, I am comfortable with manual keying being the mandatory to implement method. However, we are about to form a wg with the goal of developing practical automated key management for routing protocols. I think it would be prudent to specify the "unique Security Association for each peer" method (method one in Section 8, as described in Figure 2 and paragraph 2 of section 8) as SHOULD implement. Implementations that support this method will be more amenable to migrating from manual keying to automated keying. |
2009-12-03
|
10 | Tim Polk | [Ballot Position Update] New position, Discuss, has been recorded by Tim Polk |
2009-12-02
|
10 | Jari Arkko | [Ballot discuss] The document says: o PIM-SM packets that fail the confidentiality checks MUST be silently discarded, although an implementation is RECOMMENDED to … [Ballot discuss] The document says: o PIM-SM packets that fail the confidentiality checks MUST be silently discarded, although an implementation is RECOMMENDED to maintain a counter of such packets. Note: this is an auditable event as described in RFC 4302 [RFC4302] and RFC 4303 [RFC4303]. What is the "confidentiality check"? Is this a copy-paste-error from the authentication text few lines above, or do you have some specific requirement on what kind of an ESP SA needs to be used? But the SPD and SAD already define the requirements on those, so its not clear to me why you have to say anything additional. |
2009-12-02
|
10 | Jari Arkko | [Ballot discuss] The document says: o PIM-SM packets that fail the confidentiality checks MUST be silently discarded, although an implementation is RECOMMENDED to … [Ballot discuss] The document says: o PIM-SM packets that fail the confidentiality checks MUST be silently discarded, although an implementation is RECOMMENDED to maintain a counter of such packets. Note: this is an auditable event as described in RFC 4302 [RFC4302] and RFC 4303 [RFC4303]. What is the "confidentiality check"? Is this a copy-paste-error from the authentication few lines above, or do you have some specific requirement on what kind of an ESP SA needs to be used? But the SPD and SAD already define the requirements on those, so its not clear to me why you have to say anything additional. |
2009-12-02
|
10 | Jari Arkko | [Ballot Position Update] New position, Discuss, has been recorded by Jari Arkko |
2009-12-02
|
10 | Cullen Jennings | [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings |
2009-12-02
|
10 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica |
2009-12-02
|
10 | Dan Romascanu | [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu |
2009-12-01
|
10 | Ross Callon | [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon |
2009-12-01
|
10 | Robert Sparks | [Ballot Position Update] New position, No Objection, has been recorded by Robert Sparks |
2009-12-01
|
10 | Ralph Droms | [Ballot Position Update] New position, No Objection, has been recorded by Ralph Droms |
2009-11-30
|
10 | Lisa Dusseault | [Ballot Position Update] New position, No Objection, has been recorded by Lisa Dusseault |
2009-11-30
|
10 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded by Russ Housley |
2009-11-30
|
10 | Magnus Westerlund | [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund |
2009-11-28
|
10 | Alexey Melnikov | [Ballot Position Update] New position, No Objection, has been recorded by Alexey Melnikov |
2009-11-28
|
10 | Alexey Melnikov | [Ballot comment] 4. Authentication Implementations conforming to this specification MUST support authentication for PIM-SM link-local messages. Implementations conforming to this specification MUST … [Ballot comment] 4. Authentication Implementations conforming to this specification MUST support authentication for PIM-SM link-local messages. Implementations conforming to this specification MUST support HMAC-SHA1. A reference to the document that defines authentication using HMAC-SHA1 would be very helpful here. And BTW, did you mean HMAC-SHA1-96 mentioned in RFC 4835? 5. Confidentiality Implementations conforming to this specification SHOULD support confidentiality for PIM-SM. Implementations supporting confidentiality MUST support AES-CBC with a 128-bit key. As above. |
2009-11-22
|
10 | Adrian Farrel | State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Adrian Farrel |
2009-11-22
|
10 | Adrian Farrel | [Ballot Position Update] New position, Yes, has been recorded for Adrian Farrel |
2009-11-22
|
10 | Adrian Farrel | Ballot has been issued by Adrian Farrel |
2009-11-22
|
10 | Adrian Farrel | Created "Approve" ballot |
2009-11-22
|
10 | Adrian Farrel | Placed on agenda for telechat - 2009-12-03 by Adrian Farrel |
2009-11-20
|
10 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
2009-11-18
|
10 | Amanda Baber | IANA comments: As described in the IANA Considerations section, we understand this document to have NO IANA Actions. |
2009-11-02
|
10 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Brian Weis |
2009-11-02
|
10 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Brian Weis |
2009-10-27
|
10 | Amy Vezza | Last call sent |
2009-10-27
|
10 | Amy Vezza | State Changes to In Last Call from Last Call Requested by Amy Vezza |
2009-10-27
|
10 | Adrian Farrel | State Changes to Last Call Requested from AD Evaluation::AD Followup by Adrian Farrel |
2009-10-27
|
10 | Adrian Farrel | Last Call was requested by Adrian Farrel |
2009-10-27
|
10 | (System) | Ballot writeup text was added |
2009-10-27
|
10 | (System) | Last call text was added |
2009-10-27
|
10 | (System) | Ballot approval text was added |
2009-10-26
|
10 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2009-10-26
|
09 | (System) | New version available: draft-ietf-pim-sm-linklocal-09.txt |
2009-07-26
|
10 | Adrian Farrel | State Changes to AD Evaluation::Revised ID Needed from AD Evaluation by Adrian Farrel |
2009-05-15
|
10 | Adrian Farrel | [Note]: 'Document shepherd is Stig Venaas <stig@venaas.com>' added by Adrian Farrel |
2009-05-11
|
10 | Adrian Farrel | State Changes to AD Evaluation from Publication Requested by Adrian Farrel |
2009-05-05
|
10 | Amy Vezza | Here is the write-up. > (1.a) Who is the Document Shepherd for this document? Has the > Document Shepherd personally reviewed this version of the … Here is the write-up. > (1.a) Who is the Document Shepherd for this document? Has the > Document Shepherd personally reviewed this version of the > document and, in particular, does he or she believe this > version is ready for forwarding to the IESG for publication? Stig Venaas, yes. > (1.b) Has the document had adequate review both from key WG members > and from key non-WG members? Does the Document Shepherd have > any concerns about the depth or breadth of the reviews that > have been performed? The document has been reviewed by several WG members and by SecDir. > (1.c) Does the Document Shepherd have concerns that the document > needs more review from a particular or broader perspective, > e.g., security, operational complexity, someone familiar with > AAA, internationalization or XML? No > (1.d) Does the Document Shepherd have any specific concerns or > issues with this document that the Responsible Area Director > and/or the IESG should be aware of? For example, perhaps he > or she is uncomfortable with certain parts of the document, or > has concerns whether there really is a need for it. In any > event, if the WG has discussed those issues and has indicated > that it still wishes to advance the document, detail those > concerns here. Has an IPR disclosure related to this document > been filed? If so, please include a reference to the > disclosure and summarize the WG discussion and conclusion on > this issue. No > (1.e) How solid is the WG consensus behind this document? Does it > represent the strong concurrence of a few individuals, with > others being silent, or does the WG as a whole understand and > agree with it? Unfortunately we got no responses on the WG mailing list to the last call of the document. The chairs believe this is because the draft really is about IPsec and there seems to be limited expertise on that in the WG. At the WG meeting in San Francisco (shortly after the WGLC ended), we asked the room whether people thought it should be sent to the IESG. We had 4 in favor, none against. > (1.f) Has anyone threatened an appeal or otherwise indicated extreme > discontent? If so, please summarise the areas of conflict in > separate email messages to the Responsible Area Director. (It > should be in a separate email because this questionnaire is > entered into the ID Tracker.) No > (1.g) Has the Document Shepherd personally verified that the > document satisfies all ID nits? (See > http://www.ietf.org/ID-Checklist.html and > http://tools.ietf.org/tools/idnits/). Boilerplate checks are > not enough; this check needs to be thorough. Has the document > met all formal review criteria it needs to, such as the MIB > Doctor, media type and URI type reviews? Yes. The idnits tool has a couple of warnings on pre-rfc5378 and an obsolete reference, but this is intentional. > (1.h) Has the document split its references into normative and > informative? Are there normative references to documents that > are not ready for advancement or are otherwise in an unclear > state? If such normative references exist, what is the > strategy for their completion? Are there normative references > that are downward references, as described in [RFC3967]? If > so, list these downward references to support the Area > Director in the Last Call procedure for them [RFC3967]. Split: Yes Downref: No > (1.i) Has the Document Shepherd verified that the document IANA > consideration section exists and is consistent with the body > of the document? If the document specifies protocol > extensions, are reservations requested in appropriate IANA > registries? Are the IANA registries clearly identified? If > the document creates a new registry, does it define the > proposed initial contents of the registry and an allocation > procedure for future registrations? Does it suggest a > reasonable name for the new registry? See [RFC5226]. If the > document describes an Expert Review process has Shepherd > conferred with the Responsible Area Director so that the IESG > can appoint the needed Expert during the IESG Evaluation? No IANA actions. > (1.j) Has the Document Shepherd verified that sections of the > document that are written in a formal language, such as XML > code, BNF rules, MIB definitions, etc., validate correctly in > an automated checker? Yes, no formal language > (1.k) The IESG approval announcement includes a Document > Announcement Write-Up. Please provide such a Document > Announcement Write-Up? Recent examples can be found in the > "Action" announcements for approved documents. The approval > announcement contains the following sections: > > Technical Summary RFC 4601 mandates the use of IPsec to ensure authentication of the link-local messages in the Protocol Independent Multicast - Sparse Mode (PIM-SM) routing protocol. This document specifies mechanisms to authenticate the PIM-SM link-local messages using the IP security (IPsec) Encapsulating Security Payload (ESP) or (optionally) the Authentication Header (AH). It specifies optional mechanisms to provide confidentiality using the ESP. Manual keying is specified as the mandatory and default group key management solution. To deal with issues of scalability and security that exist with manual keying, an optional support for automated group key management mechanism is provided. However, the procedures for implementing automated group key management are left to other documents. This document updates RFC 4601. > Working Group Summary Due to limited IPsec expertise in the PIM wg, there was limited input from the wg on this document. > Document Quality We are not aware of any implementations, although one is planned for the summer 2009. The document had substantial improvements from a SecDir review by Brian Weis. |
2009-05-05
|
10 | Amy Vezza | Draft Added by Amy Vezza in state Publication Requested |
2009-04-14
|
08 | (System) | New version available: draft-ietf-pim-sm-linklocal-08.txt |
2009-02-26
|
10 | Samuel Weiler | Request for Early review by SECDIR Completed. Reviewer: Brian Weis. |
2009-02-26
|
07 | (System) | New version available: draft-ietf-pim-sm-linklocal-07.txt |
2009-02-04
|
06 | (System) | New version available: draft-ietf-pim-sm-linklocal-06.txt |
2009-01-15
|
10 | Samuel Weiler | Request for Early review by SECDIR is assigned to Brian Weis |
2009-01-15
|
10 | Samuel Weiler | Request for Early review by SECDIR is assigned to Brian Weis |
2008-11-03
|
05 | (System) | New version available: draft-ietf-pim-sm-linklocal-05.txt |
2008-08-29
|
04 | (System) | New version available: draft-ietf-pim-sm-linklocal-04.txt |
2008-08-28
|
10 | (System) | Document has expired |
2008-02-25
|
03 | (System) | New version available: draft-ietf-pim-sm-linklocal-03.txt |
2007-11-19
|
02 | (System) | New version available: draft-ietf-pim-sm-linklocal-02.txt |
2007-07-10
|
01 | (System) | New version available: draft-ietf-pim-sm-linklocal-01.txt |
2006-10-16
|
00 | (System) | New version available: draft-ietf-pim-sm-linklocal-00.txt |