Security Issues in PIM-SM Link-local Messages
draft-atwood-pim-sm-linklocal-01

 
Document Type: Replaced Internet-Draft (individual)
Last updated: 2008-04-16 (latest revision 2006-06-27)
Replaced by: draft-ietf-pim-sm-linklocal
Stream: (None)
Intended RFC status: (None)
Formats: Expired & archived (plain text, pdf, html)
Stream state: (No stream defined)
Document shepherd: No shepherd assigned
IESG state: Replaced by draft-ietf-pim-sm-linklocal
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-atwood-pim-sm-linklocal-01.txt

Abstract

This document proposes some additions to the specification of the Protocol Independent Multicast - Sparse Mode (PIM-SM) Protocol regarding security issues of its link-local messages. Although the new specifications for the IPsec architecture (RFC 4301) and the Authentication Header (RFC 4302) permit the use of anti-replay, they counsel against its use for multi-sender, multicast Security Associations. This makes PIM-SM vulnerable to Denial of Service (DoS) attacks. In this document, a new proposal is presented to protect PIM link-local messages while activating the anti-replay mechanism as well. This proposal builds on the new Security Association lookup method that has been specified in RFC 4301 and RFC 4302.

Authors

William Atwood (bill@cse.concordia.ca)
Salekul Islam (salek_is@cse.concordia.ca)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)