Security Issues in PIM-SM Link-local Messages
draft-atwood-pim-sm-linklocal-01
| Document | Type |
Replaced Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Authors | J. William Atwood , Salekul Islam | ||
| Last updated | 2008-04-16 (Latest revision 2006-06-27) | ||
| Replaced by | draft-ietf-pim-sm-linklocal | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Replaced by draft-ietf-pim-sm-linklocal | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document proposes some additions to the specification of the Protocol Independent Multicast - Sparse Mode (PIM-SM) Protocol regarding security issues of its link-local messages. Although the new specifications for IPsec architecture (RFC 4301) and Authorization Header (RFC 4302) permit the use of anti-replay, they counsel against its use for multi-sender, multicast Security Associations. This makes PIM-SM vulnerable to Denial of Service (DoS) attack. In this document, a new proposal is presented to protect PIM link-local messages while activating the anti-replay mechanism as well. This proposal builds on the new Security Association lookup method that has been specified in RFC 4301 and RFC 4302.
Authors
J. William Atwood
Salekul Islam
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)