Keying and Authentication for Routing Protocols (KARP) Overview, Threats, and Requirements
RFC 6862
Section | Field | Value
---|---|---
Document | Type | RFC - Informational (March 2013; No errata)
 | Authors | Gregory Lebovitz, Manav Bhatia, Brian Weis
 | Last updated | 2015-10-14
 | Stream | IETF
Stream | WG state | Submitted to IESG for Publication
 | Document shepherd | Brian Weis
 | Shepherd write-up | Last changed 2012-09-13
IESG | IESG state | RFC 6862 (Informational)
 | Action Holders | (None)
 | Consensus Boilerplate | Unknown
 | Responsible AD | Stewart Bryant
 | IESG note | Brian Weis (bew@cisco.com) is the document shepherd.
 | Send notices to | (None)
Internet Engineering Task Force (IETF)
Request for Comments: 6862
Category: Informational
ISSN: 2070-1721

G. Lebovitz
M. Bhatia, Alcatel-Lucent
B. Weis, Cisco Systems
March 2013

Keying and Authentication for Routing Protocols (KARP) Overview, Threats, and Requirements

Abstract

Different routing protocols employ different mechanisms for securing protocol packets on the wire. While most already have some method for accomplishing cryptographic message authentication, in many cases the existing methods are dated, vulnerable to attack, and employ cryptographic algorithms that have been deprecated. The "Keying and Authentication for Routing Protocols" (KARP) effort aims to overhaul and improve these mechanisms. This document does not contain protocol specifications. Instead, it defines the areas where protocol specification work is needed. This document is a companion document to RFC 6518, "Keying and Authentication for Routing Protocols (KARP) Design Guidelines"; together they form the guidance and instruction KARP design teams will use to review and overhaul routing protocol transport security.

Status of This Memo

This document is not an Internet Standards Track specification; it is published for informational purposes.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6862.

Copyright Notice

Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

1. Introduction
   1.1. Terminology
   1.2. Requirements Language
2. KARP Effort Overview
   2.1. KARP Scope
   2.2. Incremental Approach
   2.3. Goals
   2.4. Non-Goals
   2.5. Audience
3. Threats
   3.1. Threat Sources
      3.1.1. OUTSIDERS
      3.1.2. Unauthorized Key Holder
         3.1.2.1. Terminated Employee
      3.1.3. BYZANTINE
   3.2. Threat Actions In Scope
   3.3. Threat Actions Out of Scope
4. Requirements for KARP Work Phase 1: Update to a Routing Protocol's Existing Transport Security
5. Security Considerations
6. Acknowledgements
7. References
   7.1. Normative References
   7.2. Informative References

1. Introduction

In March 2006, the Internet Architecture Board (IAB) held a workshop