RIP-2 MD5 Authentication
RFC 2082
| Document | Type |
RFC - Proposed Standard
(January 1997; No errata)
Obsoleted by RFC 4822
Was draft-ietf-ripv2-md5 (ripv2 WG)
|
|
|---|---|---|---|
| Last updated | 2013-03-02 | ||
| Stream | IETF | ||
| Formats | plain text pdf html bibtex | ||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 2082 (Proposed Standard) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
Network Working Group F. Baker
Request for Comments: 2082 R. Atkinson
Category: Standards Track Cisco Systems
January 1997
RIP-2 MD5 Authentication
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Table of Contents
1 Use of Imperatives ........................................... 1
2 Introduction ................................................. 2
3 Implementation Approach ...................................... 3
3.1 RIP-2 PDU Format ........................................... 3
3.2 Processing Algorithm ....................................... 5
3.2.1 Message Generation ....................................... 6
3.2.2 Message Reception ........................................ 7
4 Management Procedures ........................................ 7
4.1 Key Management Requirements ................................ 7
4.2 Key Management Procedures .................................. 8
4.3 Pathological Cases ......................................... 9
5 Conformance Requirements ..................................... 9
6 Acknowledgments .............................................. 10
7 References ................................................... 10
8 Security Considerations ...................................... 11
9 Chairman's Address ........................................... 11
10 Authors' Addresses .......................................... 12
1. Use of Imperatives
Throughout this document, the words that are used to define the
significance of particular requirements are capitalized. These words
are:
MUST
This word or the adjective "REQUIRED" means that the item is an
absolute requirement of this specification.
Baker & Atkinson Standards Track [Page 1]
RFC 2082 RIP-2 MD5 Authentication January 1997
MUST NOT
This phrase means that the item is an absolute prohibition of this
specification.
SHOULD
This word or the adjective "RECOMMENDED" means that there may
exist valid reasons in particular circumstances to ignore this
item, but the full implications should be understood and the case
carefully weighed before choosing a different course.
SHOULD NOT
This phrase means that there may exist valid reasons in particular
circumstances when the listed behavior is acceptable or even
useful, but the full implications should be understood and the
case carefully weighed before implementing any behavior described
with this label.
MAY
This word or the adjective "OPTIONAL" means that this item is
truly optional. One vendor may choose to include the item because
a particular marketplace requires it or because it enhances the
product, for example; another vendor may omit the same item.
2. Introduction
Growth in the Internet has made us aware of the need for improved
authentication of routing information. RIP-2 provides for
unauthenticated service (as in classical RIP), or password
authentication. Both are vulnerable to passive attacks currently
widespread in the Internet. Well-understood security issues exist in
routing protocols [4]. Clear text passwords, currently specified for
use with RIP-2, are no longer considered sufficient [5].
If authentication is disabled, then only simple misconfigurations are
detected. Simple passwords transmitted in the clear will further
protect against the honest neighbor, but are useless in the general
case. By simply capturing information on the wire - straightforward
even in a remote environment - a hostile process can learn the
password and overcome the network.
We propose that RIP-2 use an authentication algorithm, as was
originally proposed for SNMP Version 2, augmented by a sequence
number. Keyed MD5 is proposed as the standard authentication
algorithm for RIP-2, but the mechanism is intended to be algorithm-
independent. While this mechanism is not unbreakable (no known
Baker & Atkinson Standards Track [Page 2]
RFC 2082 RIP-2 MD5 Authentication January 1997
mechanism is), it provides a greatly enhanced probability that a
system being attacked will detect and ignore hostile messages. This
is because we transmit the output of an authentication algorithm
Show full document text