RFC 7474

Security Extension for OSPFv2 When Using Manual Key Management, April 2015

Canonical URL: https://www.rfc-editor.org/rfc/rfc7474.txt
File formats: Plain Text, PDF
Status: PROPOSED STANDARD
Updates: RFC 2328, RFC 5709
Authors: M. Bhatia, S. Hartman, D. Zhang, A. Lindem, Ed.
Stream: IETF
Source: ospf (rtg)


DOI:  http://dx.doi.org/10.17487/RFC7474

Discuss this RFC: Send questions or comments to ospf@ietf.org



Abstract

The current OSPFv2 cryptographic authentication mechanism as defined in RFCs 2328 and 5709 is vulnerable to both inter-session and intra-session replay attacks when using manual keying. Additionally, the existing cryptographic authentication mechanism does not cover the IP header. This omission can be exploited to carry out various types of attacks. This document defines changes to the authentication sequence number mechanism that will protect OSPFv2 from both inter-session and intra-session replay attacks when using manual keys for securing OSPFv2 protocol packets. Additionally, we also describe some changes in the cryptographic hash computation that will eliminate attacks resulting from OSPFv2 not protecting the IP header.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.

