The KARP working group is tasked to work with the routing protocol
working groups in order to improve the communication security of the
packets on the wire used by the routing protocols. This working group is
concerned with message authentication, packet integrity, and denial of
service (DoS) protection. At present, this charter explicitly excludes
confidentiality and non-repudiation concerns.
Authenticating the routing peer sending a message, and message integrity
protection, will be provided through the use of per-packet cryptographic
message authentication. Peer authentication will protect against
unrecognized peers, imposter peers, and some DoS attacks aimed at
routers. Protecting against misbehavior of an otherwise allowed peer
router is outside the scope of this working group.
Many routing protocols (or groups of protocols) already have some
method for accomplishing cryptographic message authentication.
In many or most cases existing methods are vulnerable to known
attack, and some employ cryptographic algorithms that have been
deprecated. While much work has been done to update authentication
of routing protocols, current status is not consistently up to date.
It is important to review and update those mechanisms to use modern
security practices. Ensuring algorithm agility within routing
protocols is of particular importance.
A goal of the working group is to add incremental security
to existing mechanisms rather than replacing them. Better deployable
solutions to which vendors and operators can migrate is more important
than getting a perfect security solution.
Although there are many candidate routing protocols to evaluate, KARP
must by necessity begin with a restricted focus. The initial set of
routing protocols in scope include BGP, OSPFv2, OSPFv3, PCE, PIM, LDP,
RSVP-TE, ISIS, BFD, LMP, and MSDP.
The working group must coordinate very closely with other working
groups, such as:
- Routing protocol working groups for any routing protocol being
evaluated. This coordination will include cooperatively determining the
current or already planned state of the security work in the protocol.
It will also include ensuring that any proposed mechanisms are
consistent with the architecture and use of the protocol. Also, any
specific proposal accepted as a KARP document will be developed in
cooperation with the concerned protocol working group.
- Security area working groups for cryptographic advice, and/or key
management protocol support. Cryptographic protocol support may be
required in order to support certain KARP WG milestones. Coordination
with an appropriate working group in the security area would be
necessary in order to get the appropriate expertise in completing a
milestone. This charter provides for preliminary work in this space,
although it is expected that detailed work items will be added to the
charter when the problem has been better analyzed. For example, this may
include a key management protocol by which routing protcols
automatically negotiate keying material and policy. More about the use
of a key management protocol will be captured in a framework document
- OPSEC working group for advice on best practices to create and use
integrity keys used with routing protocol message authentication. KARP
will also coordinate with other Operations and Management area WGs
and/or experts in order to identify operational impacts on existing
routing protocols and to identify any management extensions that may
Routing protocols use a range of transport mechanisms and communication
relationships. There are also differences in details among the various
protocols. The working group will attempt to describe the security
relevant characteristics of routings protocols, such as the use or
non-use of TCP, or the frequent use of group communication versus purely
pairwise communication. Using these characteristics, the working group
will then provide suitable common frameworks that can be applied, and
tailored, to improve the communication security of the routing
protocols. In later phases, it is expected that the working group will
investigate the suitably of defining conceptual structures and APIs, so
as to enable further work to be more effective.
- Determine current threats to the routing protocol operation, and
define general requirements for cryptographic authentication of routing
protocols. A primary source for this document should be
draft-lebovitz-karp-roadmap, although RFC 4393 may also be useful.
- Identify deficiencies of each routing protocol in scope, and specify
mechanisms that bring them in line with the general requirements. These
are referred to as protocol gap analysis documents.
- Define one or more frameworks describing the common elements for
modern authentication in routing protocols.
- Publish guidance on how to create a gap analysis for routing
- Publish guidance on guidance to operators on how to create and use
integrity keys used with routing protocol message authentication.
- Specify automated key management needs for routing protocols.