errata logo graphic

Found 2 records.

Status: Rejected (2)

RFC5310, "IS-IS Generic Cryptographic Authentication", February 2009

Source of RFC: isis (rtg)

Errata ID: 2461

Status: Rejected
Type: Technical

Reported By: Tony Li
Date Reported: 2010-08-12
Rejected by: Adrian Farrel
Date Rejected: 2012-08-16

Section 3.4 says:

The authentication data for the IS-IS IIH PDUs MUST be computed after
the IS-IS Hello (IIH) has been padded to the MTU size, if padding is 
not explicitly disabled.

It should say:

The authentication data for the IS-IS IIH PDUs MUST be computed after
the IS-IS Hello (IIH) has been padded to the MTU size, if padding is
not explicitly disabled.

ISes (routers) that implement CRYPTO_AUTH authentication and initiate LSP
purges MUST remove the body of the LSP and add the authentication TLV.  

Notes:

The RFC ignores the case of when an IS initiates a purge. Purges MUST be authenticated explicitly, otherwise the default protocol machinery will leave open a trivial attack.
--VERIFIER NOTES--
This issue appears to be correct, but does not qualify as something that can be addressed through the Errata System because it is a functional change to the document, not a typo. If the WG feels that it needs to be addressed, this should be captured in a new I-D.


Errata ID: 2462

Status: Rejected
Type: Technical

Reported By: Tony Li
Date Reported: 2010-08-12
Rejected by: Adrian Farrel
Date Rejected: 2012-08-16

Section 3.5 says:

An implementation MAY have a transition mode where it includes
CRYPTO_AUTH information in the PDUs but does not verify this
information.  This is provided as a transition aid for networks in
the process of migrating to the new CRYPTO_AUTH-based authentication
schemes.

It should say:

An implementation MAY have a transition mode where it includes
CRYPTO_AUTH information in the PDUs but does not verify this
information.  This is provided as a transition aid for networks in
the process of migrating to the new CRYPTO_AUTH-based authentication
schemes.

ISes implementing CRYPTO_AUTH authentication MUST NOT accept
unauthenticated purges.   ISes MUST NOT accept purges that contain
TLVs other than the authentication TLV.  These restrictions are
necessary to prevent a hostile system from receiving an LSP, setting
the Remaining Lifetime field to zero, and flooding it, thereby
initiating a purge without knowing the authentication password.

Notes:

The RFC ignores the case of purges. With explicit definition, purge packets would not include authentication, which would open a trivial vector for attack.
--VERIFIER NOTES--
This issue appears to be correct, but does not qualify as something that can be addressed through the Errata System because it is a functional change to the document, not a typo. If the WG feels that it needs to be addressed, this should be captured in a new I-D.


Report New Errata