RIPv2 Cryptographic Authentication
RFC 4822

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>
Subject: Protocol Action: 'RIPv2 Cryptographic Authentication' 
         to Proposed Standard 

The IESG has approved the following document:

- 'RIPv2 Cryptographic Authentication '
   <draft-rja-ripv2-auth-07.txt> as a Proposed Standard

This document has been reviewed in the IETF but is not the product of an
IETF Working Group. 

The IESG contact person is Russ Housley.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-rja-ripv2-auth-07.txt

Technical Summary

  This document updates the existing RIPv2 cryptographic authentication
  mechanism specification (RFC 2082) to add support for the SHA-1 family
  of hash algorithms using the widely accepted HMAC approach, while
  retaining the existing use of Keyed MD5 for backwards compatibility.

  This enhancement provides a broader range of cryptographic choice to
  operators, while retaining backwards compatibility with the existing
  specification.

  The SHA-1 family of algorithms is generally considered to be stronger
  and have a longer useful future operational life than MD5.  The HMAC
  approach is now widely accepted by the IETF and so is used for the new
  algorithms, while retaining the historic "Keyed Hash" approach for the
  existing MD5 algorithm in order to retain backwards compatibility and
  interoperability with existing implementations.  The SHA-1 family of
  algorithms happens to be a US Federal Information Processing
  Publication (which are developed by NIST), but the family of
  algorithms are broadly accepted globally, with several different
  countries having a formal preference for that family of hash functions
  over other hash functions.

  Once approved, this document will replace RFC 2082.

Working Group Summary

  This is an individual submission.  It is not the product of any
  working group, and it has not been reviewed by any IETF working group.
  The document was is co-authored by someone at NIST, and it was also
  reviewed by several other people at NIST.  The other author is one of
  the original authors of this mechanism (from RFC 2082).  The
  desirability of undertaking this enhancement was discussed several
  months ago on the IETF Security Area Advisory Group (SAAG) mailing
  list.

Protocol Quality

  The original specification in RFC 2082 is very widely implemented and
  has demonstrated broad interoperability among a number of router
  vendors.  It is also available in at least one freely available RIPv2
  implementation for UNIX.

  The new specification has not yet been implemented.  However, the new
  protocol varies from the previous version only in the addition of
  support for additional cryptographic algorithms.  Thus, no
  implementation issues are expected.

  This document was reviewed by Russ Housley for the IESG.

IESG Note

  In the interests of encouraging rapid migration away from
  Keyed-MD5 and its known weakness, the IESG has approved this
  document even though it does not meet the guidelines in BCP 107
  (RFC 4107). However, the IESG stresses that automated key
  management should be used to establish session keys and urges
  that the future work on key management described in Section 5.6
  of this document should be performed as soon as possible.