Deprecating MD5 for LDP
draft-nslag-mpls-deprecate-md5-03

Document Type Active Internet-Draft (individual)
Last updated 2018-09-03
MPLS Working Group                                          L. Andersson
Internet-Draft                                  Bronze Dragon Consulting
Intended status: Informational                                 S. Bryant
Expires: March 7, 2019                                          A. Malis
                                                     Huawei Technologies
                                                              N. Leymann
                                                        Deutsche Telekom
                                                              G. Swallow
                                                             Independent
                                                       September 3, 2018

                        Deprecating MD5 for LDP
                   draft-nslag-mpls-deprecate-md5-03

Abstract

   When the MPLS Label Distribution Protocol (LDP) was specified circa
   1999, there were very strong requirements that LDP should use a
   cryptographic hash function to sign LDP protocol messages (in
   practice, the TCP MD5 Signature Option of RFC 2385 applied to the
   LDP session's TCP connection).  MD5 was widely used at that time,
   and was the obvious choice.

   However, even when this decision was being taken there were concerns
   as to whether MD5 was a strong enough signing option.  This
   discussion was briefly reflected in section 5.1 of RFC 5036 [RFC5036]
   (and also in RFC 3036 [RFC3036]).

   Over time, practical attacks on MD5 have been demonstrated.  Thus,
   there is a concern shared by the security community and the working
   groups responsible for the development of the LDP protocol that LDP
   is no longer adequately secured.

   This document deprecates MD5 as the signing method for LDP messages.
   The document also selects the method that is to secure LDP messages
   in future: TCP-AO (RFC 5925).  In addition, we specify that the TBD
   cryptographic mechanism is to be the default TCP-AO security method.
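   As an added illustration (not part of this draft, and not code from
   the MPLS working group), the Python below computes the
   authentication tag for a constructed LDP KeepAlive segment two ways:
   the keyed-MD5 computation of the TCP MD5 Signature Option (RFC 2385)
   that LDP sessions use today, and the HMAC-SHA-1-96 computation of
   TCP-AO (RFC 5925) under a traffic key derived with the RFC 5926 KDF.
   The addresses, ports, ISNs, shared secret and PDU bytes are all
   constructed; the header layout follows the cited RFCs as read by the
   editor and has not been checked against a real implementation.

```python
"""Keyed-MD5 TCP option (RFC 2385) versus TCP-AO (RFC 5925/5926) on a constructed LDP segment.

Added example; not part of the draft. All addresses, ISNs, keys and PDU bytes are constructed.
"""
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass

TCP_PROTO = 6
LDP_PORT = 646      # LDP session transport port (RFC 5036)
TCPOPT_AO = 29      # TCP Authentication Option kind (RFC 5925)

# Constructed LDP KeepAlive PDU: version 1, PDU length 14, LDP identifier
# 192.0.2.1:0, then a KeepAlive message (type 0x0201, length 4, message id 1).
KEEPALIVE_PDU = bytes.fromhex("0001000ec000020100000201000400000001")


@dataclass(frozen=True)
class Connection:
    src_ip: str
    dst_ip: str
    sport: int
    dport: int
    src_isn: int    # initial sequence numbers: not carried in later segments
    dst_isn: int


def pseudo_header(conn: Connection, tcp_len: int) -> bytes:
    """IPv4 pseudo-header: src, dst, zero byte, protocol, total TCP length."""
    return (ipaddress.IPv4Address(conn.src_ip).packed
            + ipaddress.IPv4Address(conn.dst_ip).packed
            + struct.pack("!BBH", 0, TCP_PROTO, tcp_len))


def tcp_base_header(conn: Connection, seq: int, ack: int, option_len: int) -> bytes:
    """20-byte TCP header (PSH|ACK) with the checksum zeroed, as both RFCs require."""
    data_offset = (20 + option_len) // 4
    return struct.pack("!HHIIBBHHH", conn.sport, conn.dport, seq, ack,
                       data_offset << 4, 0x18, 65535, 0, 0)


# --- RFC 2385: MD5(pseudo-header || TCP header without options || data || key) ---
MD5_OPT_LEN = 20    # kind 19, length 18, 16-byte digest, plus 2 bytes of padding


def md5_sign(conn: Connection, seq: int, ack: int, payload: bytes, key: bytes) -> bytes:
    hdr = tcp_base_header(conn, seq, ack, MD5_OPT_LEN)
    tcp_len = len(hdr) + MD5_OPT_LEN + len(payload)
    # Plain "hash(data || key)" construction: no HMAC and no per-connection key.
    return hashlib.md5(pseudo_header(conn, tcp_len) + hdr + payload + key).digest()


def md5_verify(conn, seq, ack, payload, key, digest) -> bool:
    return hmac.compare_digest(md5_sign(conn, seq, ack, payload, key), digest)


# --- RFC 5925/5926: HMAC-SHA-1-96 under a KDF-derived per-connection traffic key ---
AO_MAC_LEN = 12
AO_OPT_LEN = 4 + AO_MAC_LEN     # kind, length, KeyID, RNextKeyID, MAC


def ao_traffic_key(conn: Connection, master_key: bytes) -> bytes:
    """KDF_HMAC_SHA1 (RFC 5926): HMAC-SHA1(master, 0x01 || "TCP-AO" || context || 160 as 16 bits),
    context = S-IP || D-IP || S-port || D-port || S-ISN || D-ISN for the send direction."""
    context = (ipaddress.IPv4Address(conn.src_ip).packed
               + ipaddress.IPv4Address(conn.dst_ip).packed
               + struct.pack("!HHII", conn.sport, conn.dport, conn.src_isn, conn.dst_isn))
    msg = b"\x01" + b"TCP-AO" + context + struct.pack("!H", 160)
    return hmac.new(master_key, msg, hashlib.sha1).digest()


def ao_sign(conn, seq, ack, payload, master_key, key_id=1, sne=0) -> bytes:
    """MAC over SNE || pseudo-header || TCP header incl. options (MAC, checksum zeroed) || data."""
    hdr = tcp_base_header(conn, seq, ack, AO_OPT_LEN)
    option = struct.pack("!BBBB", TCPOPT_AO, AO_OPT_LEN, key_id, key_id) + bytes(AO_MAC_LEN)
    tcp_len = len(hdr) + len(option) + len(payload)
    msg = struct.pack("!I", sne) + pseudo_header(conn, tcp_len) + hdr + option + payload
    return hmac.new(ao_traffic_key(conn, master_key), msg, hashlib.sha1).digest()[:AO_MAC_LEN]


def ao_verify(conn, seq, ack, payload, master_key, mac) -> bool:
    return hmac.compare_digest(ao_sign(conn, seq, ack, payload, master_key), mac)


def cross_connection_replay(signer, verifier, secret: bytes) -> bool:
    """Sign a segment on connection A, then check whether the same bytes verify on a
    later connection B that reuses the 4-tuple and secret but has fresh ISNs."""
    a = Connection("192.0.2.1", "192.0.2.2", LDP_PORT, 40000, 0x11111111, 0x22222222)
    b = Connection("192.0.2.1", "192.0.2.2", LDP_PORT, 40000, 0x11111100, 0x22222200)
    seq, ack = 0x11111200, 0x22222300   # the captured header carries these either way
    tag = signer(a, seq, ack, KEEPALIVE_PDU, secret)
    return verifier(b, seq, ack, KEEPALIVE_PDU, secret, tag)


if __name__ == "__main__":
    secret = b"ldp-shared-secret"
    print("RFC 2385 digest accepted on a new connection:", cross_connection_replay(md5_sign, md5_verify, secret))
    print("TCP-AO MAC accepted on a new connection:     ", cross_connection_replay(ao_sign, ao_verify, secret))
```

   Because RFC 2385 hashes only the pseudo-header, the base TCP header,
   the data and the shared key, a segment captured from one LDP session
   verifies unchanged on any later session between the same endpoints
   and ports.  TCP-AO folds both ISNs into the traffic key, so the same
   bytes fail on a new connection; that binding is one of the
   properties TCP-AO adds beyond replacing the hash function.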

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

Andersson, et al.         Expires March 7, 2019                 [Page 1]
Internet-Draft           Deprecating MD5 for LDP          September 2018

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 7, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirement Language  . . . . . . . . . . . . . . . . . .   3
   2.  Background  . . . . . . . . . . . . . . . . . . . . . . . . .   3
     2.1.  LDP in RFC 5036 . . . . . . . . . . . . . . . . . . . . .   3
     2.2.  MD5 in BGP  . . . . . . . . . . . . . . . . . . . . . . .   3
     2.3.  Prior Art . . . . . . . . . . . . . . . . . . . . . . . .   4
   3.  Securing LDP  . . . . . . . . . . . . . . . . . . . . . . . .   4
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   5
   6.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   5
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     7.2.  Informative References  . . . . . . . . . . . . . . . . .   6
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   6

1.  Introduction

   RFC 3036 was published in January 2001 as a Proposed Standard, and it
   was replaced by RFC 5036, which is a Draft Standard, in October 2007.
   Almost two decades after LDP was originally specified there is a
   concern shared by the security community and the IETF working groups
   that develop the LDP protocol that LDP is no longer adequately
   secured.
