RIP-2 MD5 Authentication
RFC 2082
| Group | Field | Value |
|---|---|---|
| Document | Type | RFC - Proposed Standard (January 1997; No errata); Obsoleted by RFC 4822; Was draft-ietf-ripv2-md5 (ripv2 WG) |
| | Authors | Randall Atkinson, Fred Baker |
| | Last updated | 2013-03-02 |
| | Stream | IETF |
| | Formats | plain text, html, pdf, htmlized, bibtex |
| Stream | WG state | (None) |
| | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 2082 (Proposed Standard) |
| | Consensus Boilerplate | Unknown |
| | Telechat date | |
| | Responsible AD | (None) |
| | Send notices to | (None) |
Network Working Group                                          F. Baker
Request for Comments: 2082                                  R. Atkinson
Category: Standards Track                                 Cisco Systems
                                                           January 1997

                       RIP-2 MD5 Authentication

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements. Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol. Distribution of this memo is unlimited.

Table of Contents

   1     Use of Imperatives ........................................ 1
   2     Introduction .............................................. 2
   3     Implementation Approach ................................... 3
   3.1   RIP-2 PDU Format .......................................... 3
   3.2   Processing Algorithm ...................................... 5
   3.2.1 Message Generation ........................................ 6
   3.2.2 Message Reception ......................................... 7
   4     Management Procedures ..................................... 7
   4.1   Key Management Requirements ............................... 7
   4.2   Key Management Procedures ................................. 8
   4.3   Pathological Cases ........................................ 9
   5     Conformance Requirements .................................. 9
   6     Acknowledgments ........................................... 10
   7     References ................................................ 10
   8     Security Considerations ................................... 11
   9     Chairman's Address ........................................ 11
   10    Authors' Addresses ........................................ 12

1. Use of Imperatives

   Throughout this document, the words that are used to define the
   significance of particular requirements are capitalized. These
   words are:

   MUST
      This word or the adjective "REQUIRED" means that the item is an
      absolute requirement of this specification.

Baker & Atkinson            Standards Track                     [Page 1]

RFC 2082                RIP-2 MD5 Authentication            January 1997

   MUST NOT
      This phrase means that the item is an absolute prohibition of
      this specification.

   SHOULD
      This word or the adjective "RECOMMENDED" means that there may
      exist valid reasons in particular circumstances to ignore this
      item, but the full implications should be understood and the case
      carefully weighed before choosing a different course.

   SHOULD NOT
      This phrase means that there may exist valid reasons in
      particular circumstances when the listed behavior is acceptable
      or even useful, but the full implications should be understood
      and the case carefully weighed before implementing any behavior
      described with this label.

   MAY
      This word or the adjective "OPTIONAL" means that this item is
      truly optional. One vendor may choose to include the item because
      a particular marketplace requires it or because it enhances the
      product, for example; another vendor may omit the same item.

2. Introduction

   Growth in the Internet has made us aware of the need for improved
   authentication of routing information. RIP-2 provides for
   unauthenticated service (as in classical RIP), or password
   authentication. Both are vulnerable to passive attacks currently
   widespread in the Internet. Well-understood security issues exist in
   routing protocols [4]. Clear text passwords, currently specified for
   use with RIP-2, are no longer considered sufficient [5].

   If authentication is disabled, then only simple misconfigurations
   are detected. Simple passwords transmitted in the clear will further
   protect against the honest neighbor, but are useless in the general
   case. By simply capturing information on the wire - straightforward
   even in a remote environment - a hostile process can learn the
   password and overcome the network.

   We propose that RIP-2 use an authentication algorithm, as was
   originally proposed for SNMP Version 2, augmented by a sequence
   number. Keyed MD5 is proposed as the standard authentication
   algorithm for RIP-2, but the mechanism is intended to be
   algorithm-independent. While this mechanism is not unbreakable (no
   known mechanism is), it provides a greatly enhanced probability that
   a system being attacked will detect and ignore hostile messages.
   This is because we transmit the output of an authentication
   algorithm
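As an added illustration, not text or code from the RFC, the following Python models the keyed-MD5-plus-sequence-number idea the Introduction sketches: the sender hashes the sequence number and message body together with a shared key that is never transmitted, and the receiver recomputes the digest and ignores anything whose digest does not match or whose sequence number does not advance. The message layout (4-byte sequence number, body, 16-byte digest), the strictly-increasing replay rule and the names used here are assumptions of this simplified model; the actual PDU format and processing rules are in section 3 of the RFC, which this excerpt does not include.

```python
import hashlib
import hmac
import struct

# Simplified model of "keyed MD5 augmented by a sequence number".
# Layout (an assumption, NOT the RFC 2082 wire format):
#   4-byte big-endian sequence number || body || 16-byte MD5 digest
SEQ_LEN = 4
DIGEST_LEN = 16


def keyed_md5(key: bytes, seq: int, body: bytes) -> bytes:
    """Digest over (sequence number || body || shared key).

    The key is folded into the hash but never placed on the wire, which is
    what separates this from a clear-text password field that a passive
    capture would reveal.
    """
    return hashlib.md5(struct.pack("!I", seq) + body + key).digest()


def build_message(key: bytes, seq: int, body: bytes) -> bytes:
    """Sender side: sequence number, body and digest; the key is not sent."""
    return struct.pack("!I", seq) + body + keyed_md5(key, seq, body)


class Receiver:
    """Holds the shared key and the last sequence number accepted per peer."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_seq: dict[str, int] = {}

    def accept(self, peer: str, message: bytes) -> tuple[bool, str]:
        """Return (accepted, reason); the digest is checked before the replay rule."""
        if len(message) < SEQ_LEN + DIGEST_LEN:
            return False, "too short"
        seq = struct.unpack("!I", message[:SEQ_LEN])[0]
        body = message[SEQ_LEN:-DIGEST_LEN]
        received = message[-DIGEST_LEN:]
        expected = keyed_md5(self.key, seq, body)
        # compare_digest avoids a timing side channel on the digest bytes.
        if not hmac.compare_digest(received, expected):
            return False, "bad digest"
        # Strictly increasing per peer (a modelling choice): a captured
        # message replayed later carries an old sequence number and is dropped.
        if seq <= self.last_seq.get(peer, -1):
            return False, "stale sequence number"
        self.last_seq[peer] = seq
        return True, "ok"


if __name__ == "__main__":
    key = b"constructed-shared-key"  # constructed sample value
    rx = Receiver(key)
    m1 = build_message(key, 1, b"route 10.0.0.0/8 metric 2")  # constructed body
    print(rx.accept("router-a", m1))      # (True, 'ok')
    print(rx.accept("router-a", m1))      # same capture again -> stale sequence number
    forged = build_message(b"guessed-key", 2, b"route 10.0.0.0/8 metric 1")
    print(rx.accept("router-a", forged))  # wrong key -> bad digest
```

The digest check runs before the sequence check so that a receiver never updates its replay state on the strength of an unauthenticated message. RFC 4822, which the page lists as obsoleting this document, keeps the sequence-number structure but replaces the keyed-MD5 construction with HMAC-based algorithms; the receive-side logic above is otherwise the same shape.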