OSPF Cryptographic Authentication
draft-ietf-ospf-md5-02
| Document | Type | Expired Internet-Draft (ospf WG) | |
|---|---|---|---|
| Last updated | 1995-03-17 (latest revision 1994-10-14) | ||
| Stream | IETF | ||
| Intended RFC status | (None) | ||
| Formats |
Expired & archived
plain text
pdf
html
bibtex
|
||
| Stream | WG state | WG Document | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | Expired | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
https://www.ietf.org/archive/id/draft-ietf-ospf-md5-02.txt
Abstract
Growth in the Internet has made us aware of the need for improved authentication of routing information. OSPF provides two authentication mechanisms for use in an area: 'No Authentication' and 'Simple Password'. Both are vulnerable to passive attacks currently widespread in the Internet. Well-understood security issues exist in routing protocols [4]. Clear text passwords, currently specified for use with OSPF, are no longer considered sufficient [5]. If authentication is disabled, then only simple misconfigurations are detected. Simple passwords transmitted in the clear will further protect against the honest neighbor, but are useless in the general case. By simply capturing information on the wire - straightforward even in a remote environment - a hostile process can learn the password and overcome the network.
Authors
Fred Baker
(fred.baker@cisco.com)
Randall Atkinson
(rja@extremenetworks.com)
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)