OSPF Cryptographic Authentication
draft-ietf-ospf-md5-02

Document Type Expired Internet-Draft (ospf WG)
Last updated 1995-03-17 (latest revision 1994-10-14)
Stream IETF
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-ietf-ospf-md5-02.txt

Abstract

Growth in the Internet has made us aware of the need for improved authentication of routing information. OSPF provides two authentication mechanisms for use in an area: 'No Authentication' and 'Simple Password'. Both are vulnerable to passive attacks currently widespread in the Internet. Well-understood security issues exist in routing protocols [4]. Clear text passwords, currently specified for use with OSPF, are no longer considered sufficient [5]. If authentication is disabled, then only simple misconfigurations are detected. Simple passwords transmitted in the clear will further protect against the honest neighbor, but are useless in the general case. By simply capturing information on the wire - straightforward even in a remote environment - a hostile process can learn the password and overcome the network.

Authors

Fred Baker (fred.baker@cisco.com)
Randall Atkinson (rja@extremenetworks.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)