RIP-2 MD5 Authentication
RFC 2082

Document Type RFC - Proposed Standard (January 1997; No errata)
Obsoleted by RFC 4822
Last updated 2013-03-02
Stream IETF
IESG state RFC 2082 (Proposed Standard)
Network Working Group                                          F. Baker
Request for Comments: 2082                                  R. Atkinson
Category: Standards Track                                 Cisco Systems
                                                           January 1997

                        RIP-2 MD5 Authentication

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Table of Contents

   1 Use of Imperatives ...........................................    1
   2 Introduction .................................................    2
   3 Implementation Approach ......................................    3
   3.1 RIP-2 PDU Format ...........................................    3
   3.2 Processing Algorithm .......................................    5
   3.2.1 Message Generation .......................................    6
   3.2.2 Message Reception ........................................    7
   4 Management Procedures ........................................    7
   4.1 Key Management Requirements ................................    7
   4.2 Key Management Procedures ..................................    8
   4.3 Pathological Cases .........................................    9
   5 Conformance Requirements .....................................    9
   6 Acknowledgments ..............................................   10
   7 References ...................................................   10
   8 Security Considerations ......................................   11
   9 Chairman's Address ...........................................   11
   10 Authors' Addresses ..........................................   12

1.  Use of Imperatives

   Throughout this document, the words that are used to define the
   significance of particular requirements are capitalized.  These words
   are:

   MUST

      This word or the adjective "REQUIRED" means that the item is an
      absolute requirement of this specification.

Baker & Atkinson            Standards Track                     [Page 1]
RFC 2082                RIP-2 MD5 Authentication            January 1997

   MUST NOT

      This phrase means that the item is an absolute prohibition of this
      specification.

   SHOULD

      This word or the adjective "RECOMMENDED" means that there may
      exist valid reasons in particular circumstances to ignore this
      item, but the full implications should be understood and the case
      carefully weighed before choosing a different course.

   SHOULD NOT

      This phrase means that there may exist valid reasons in particular
      circumstances when the listed behavior is acceptable or even
      useful, but the full implications should be understood and the
      case carefully weighed before implementing any behavior described
      with this label.

   MAY

      This word or the adjective "OPTIONAL" means that this item is
      truly optional.  One vendor may choose to include the item because
      a particular marketplace requires it or because it enhances the
      product, for example; another vendor may omit the same item.

2.  Introduction

   Growth in the Internet has made us aware of the need for improved
   authentication of routing information.  RIP-2 provides for
   unauthenticated service (as in classical RIP), or password
   authentication.  Both are vulnerable to passive attacks currently
   widespread in the Internet.  Well-understood security issues exist in
   routing protocols [4].  Clear text passwords, currently specified for
   use with RIP-2, are no longer considered sufficient [5].

   If authentication is disabled, then only simple misconfigurations are
   detected.  Simple passwords transmitted in the clear will further
   protect against the honest neighbor, but are useless in the general
   case.  By simply capturing information on the wire - straightforward
   even in a remote environment - a hostile process can learn the
   password and overcome the network.
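
   The exposure described above can be checked for on captured routing
   traffic. The following is an added example, not part of the RFC text:
   it classifies a RIP-2 packet by its first entry and lists senders
   still using no authentication or a clear-text password. It assumes
   the RIP-2 authentication entry layout (address family 0xFFFF followed
   by a two-octet type, 2 for simple password and 3 for the keyed digest
   of this memo); function names and sample packets are constructed.

```python
import struct

AUTH_AFI = 0xFFFF        # address family value that marks an authentication entry
SIMPLE_PASSWORD = 2      # RIP-2 clear-text password
KEYED_MD5 = 3            # keyed message digest (RFC 2082)


def classify_rip2_auth(packet: bytes) -> str:
    """Return how a RIP-2 packet is authenticated, judged from its first entry."""
    if len(packet) < 4:
        return "malformed"
    _command, version = struct.unpack("!BB", packet[:2])
    if version != 2:
        return "not-rip2"
    if len(packet) < 24:              # header only, no 20-octet entry present
        return "none"
    afi, auth_type = struct.unpack("!HH", packet[4:8])
    if afi != AUTH_AFI:               # first entry is an ordinary route
        return "none"
    if auth_type == SIMPLE_PASSWORD:  # the next 16 octets are the password itself
        return "cleartext-password"
    if auth_type == KEYED_MD5:
        return "keyed-md5"
    return "unknown"


def audit(captures):
    """Return {sender: mode} for senders seen with no auth or a clear-text password."""
    weak = {}
    for sender, packet in captures:
        mode = classify_rip2_auth(packet)
        if mode in ("none", "cleartext-password"):
            weak[sender] = mode
    return weak


# Constructed sample packets (not captured traffic).
HEADER = struct.pack("!BBH", 2, 2, 0)  # command=response, version=2, unused
ROUTE = struct.pack("!HH4s4s4sI", 2, 0, bytes([192, 0, 2, 0]),
                    bytes([255, 255, 255, 0]), bytes(4), 1)
NO_AUTH = HEADER + ROUTE
CLEARTEXT = HEADER + struct.pack("!HH16s", AUTH_AFI, SIMPLE_PASSWORD,
                                 b"constructed-pw") + ROUTE
# Only the type field is inspected; the other 16 octets are a zero placeholder.
KEYED = HEADER + struct.pack("!HH16s", AUTH_AFI, KEYED_MD5, b"") + ROUTE
CAPTURES = [("192.0.2.1", NO_AUTH), ("192.0.2.2", CLEARTEXT), ("192.0.2.3", KEYED)]

if __name__ == "__main__":
    print(audit(CAPTURES))
```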

   We propose that RIP-2 use an authentication algorithm, as was
   originally proposed for SNMP Version 2, augmented by a sequence
   number.  Keyed MD5 is proposed as the standard authentication
   algorithm for RIP-2, but the mechanism is intended to be algorithm-
   independent.  While this mechanism is not unbreakable (no known
