IS-IS Cryptographic Authentication
RFC 5304
Document history
| Date | Rev. | By | Action |
|---|---|---|---|
| 2018-12-20 | 03 | (System) | Received changes through RFC Editor sync (changed abstract to 'This document describes the authentication of Intermediate System to Intermediate System (IS-IS) Protocol Data Units (PDUs) using the Hashed Message Authentication Codes - Message Digest 5 (HMAC-MD5) algorithm as found in RFC 2104. IS-IS is specified in International Standards Organization (ISO) 10589, with extensions to support Internet Protocol version 4 (IPv4) described in RFC 1195. The base specification includes an authentication mechanism that allows for multiple authentication algorithms. The base specification only specifies the algorithm for cleartext passwords. This document replaces RFC 3567. This document proposes an extension to that specification that allows the use of the HMAC-MD5 authentication algorithm to be used in conjunction with the existing authentication mechanisms. [STANDARDS-TRACK]') |
| 2017-05-16 | 03 | (System) | Changed document authors from "Tony Li" to "Tony Li, Randall Atkinson" |
| 2015-10-14 | 03 | (System) | Notify list changed from isis-chairs@ietf.org, draft-ietf-isis-rfc3567bis@ietf.org to (None) |
| 2012-08-22 | 03 | (System) | post-migration administrative database adjustment to the No Objection position for Chris Newman |
| 2012-08-22 | 03 | (System) | post-migration administrative database adjustment to the No Objection position for Pasi Eronen |
| 2008-10-06 | 03 | Amy Vezza | State Changes to RFC Published from RFC Ed Queue by Amy Vezza |
| 2008-10-06 | 03 | Amy Vezza | [Note]: 'RFC 5304' added by Amy Vezza |
| 2008-10-03 | 03 | (System) | RFC published |
| 2008-07-23 | 03 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
| 2008-07-23 | 03 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
| 2008-07-23 | 03 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
| 2008-07-23 | 03 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
| 2008-07-22 | 03 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
| 2008-07-22 | 03 | (System) | IANA Action state changed to In Progress |
| 2008-07-22 | 03 | Amy Vezza | IESG state changed to Approved-announcement sent |
| 2008-07-22 | 03 | Amy Vezza | IESG has approved the document |
| 2008-07-22 | 03 | Amy Vezza | Closed "Approve" ballot |
| 2008-07-22 | 03 | Ross Callon | State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Ross Callon |
| 2008-07-17 | 03 | Pasi Eronen | [Ballot Position Update] Position for Pasi Eronen has been changed to No Objection from Undefined by Pasi Eronen |
| 2008-07-17 | 03 | Pasi Eronen | [Ballot Position Update] Position for Pasi Eronen has been changed to Undefined from Discuss by Pasi Eronen |
| 2008-07-14 | 03 | (System) | New version available: draft-ietf-isis-rfc3567bis-03.txt |
| 2008-07-14 | 03 | Chris Newman | [Ballot Position Update] Position for Chris Newman has been changed to No Objection from Discuss by Chris Newman |
| 2008-07-11 | 03 | Chris Newman | [Ballot comment] This does not appear to have a mechanism for hash function transition. That problem should be considered in the event a future revision of this specification is prepared. |
| 2008-07-11 | 03 | Chris Newman | [Ballot discuss] The document should not make questionable claims. In particular: > operational complexity. It is believed secure against passive > attacks, as defined in [RFC1704], unlike cleartext password > authentication. is not true as HMAC when used with a textual password is subject to passive dictionary attacks as well as passive brute-force attacks (although both of these passive attacks can be mitigated by using a long password or passphrase). |
| 2008-07-04 | 03 | (System) | Removed from agenda for telechat - 2008-07-03 |
| 2008-07-03 | 03 | Cindy Morgan | State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Cindy Morgan |
| 2008-07-03 | 03 | Mark Townsley | [Ballot Position Update] New position, No Objection, has been recorded by Mark Townsley |
| 2008-07-03 | 03 | Magnus Westerlund | [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund |
| 2008-07-03 | 03 | Tim Polk | [Ballot Position Update] New position, No Objection, has been recorded by Tim Polk |
| 2008-07-03 | 03 | Dan Romascanu | [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu |
| 2008-07-03 | 03 | Pasi Eronen | [Ballot discuss] Since this is basically the main document discussing ISIS security considerations (neither RFC 1195 nor 10589:2002 really have any text worth mentioning), it should also say what is not addressed. The ospfv3-update draft had the following text; I think something similar should be added here. "The mechanisms in [OSPFV3-AUTH] do not provide protection against compromised, malfunctioning, or misconfigured routers. Such routers can, either accidentally or deliberately, cause malfunctions affecting the whole routing domain. The reader is encouraged to consult [GENERIC-THREATS] for a more comprehensive description of threats to routing protocols." Identified in Stephen Farrell's SecDir review: If two admins agree that the key is "cisco" and enter it in their routers, it should work -- but it requires that both implementations (esp. their management interfaces) use the same character-string to octet-string conversion algorithm. I would guess that existing implementations don't support anything else than (possibly subset of) printable ASCII characters; thus, text similar to RFC 2385 Section 4.5 should be added. The table in IANA considerations section should reference this document, not RFC3567 (which is obsoleted by this document). |
| 2008-07-03 | 03 | Pasi Eronen | [Ballot Position Update] New position, Discuss, has been recorded by Pasi Eronen |
| 2008-07-03 | 03 | Jon Peterson | [Ballot Position Update] New position, No Objection, has been recorded by Jon Peterson |
| 2008-07-02 | 03 | Chris Newman | [Ballot discuss] The document should not make questionable claims. In particular: > operational complexity. It is believed secure against passive > attacks, as defined in [RFC1704], unlike cleartext password > authentication. is not true as HMAC when used with a textual password is subject to passive dictionary attacks as well as passive brute-force attacks (although both of these passive attacks can be mitigated by using a long password or passphrase). While this does a good job discussing password transition, I would like to understand the procedure for hash-function (authentication mechanism) transition. |
| 2008-07-02 | 03 | Chris Newman | [Ballot Position Update] New position, Discuss, has been recorded by Chris Newman |
| 2008-07-02 | 03 | David Ward | [Ballot Position Update] New position, Recuse, has been recorded by David Ward |
| 2008-07-02 | 03 | Lisa Dusseault | [Ballot Position Update] New position, No Objection, has been recorded by Lisa Dusseault |
| 2008-07-02 | 03 | Ron Bonica | [Ballot comment] This is a no-objection with point raised. I'm not willing to block the document over this point, but think that you should address it in the future. What happens when a NOC guy who knew the shared secret leaves the company? Do you have to bounce all of the ISIS adjacencies so that you can change the secret. It would be great if you could change the shared secret without bouncing the adjacency. |
| 2008-07-02 | 03 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica |
| 2008-07-02 | 02 | (System) | New version available: draft-ietf-isis-rfc3567bis-02.txt |
| 2008-07-02 | 03 | Lars Eggert | [Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert |
| 2008-07-01 | 03 | Samuel Weiler | Request for Last Call review by SECDIR Completed. Reviewer: Stephen Farrell. |
| 2008-07-01 | 03 | Ross Callon | [Ballot Position Update] New position, Yes, has been recorded for Ross Callon |
| 2008-07-01 | 03 | Ross Callon | Ballot has been issued by Ross Callon |
| 2008-07-01 | 03 | Ross Callon | Created "Approve" ballot |
| 2008-06-26 | 03 | Ross Callon | State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Ross Callon |
| 2008-06-26 | 03 | Ross Callon | Placed on agenda for telechat - 2008-07-03 by Ross Callon |
| 2008-06-25 | 03 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Stephen Farrell |
| 2008-06-25 | 03 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Stephen Farrell |
| 2008-06-23 | 03 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
| 2008-06-18 | 03 | Amanda Baber | IANA has a question: - Where is HMAC-MD5 defined/registered as Authentication Type 54 (0x36)? As described in the IANA Considerations section, we understand this document to have NO IANA Actions. |
| 2008-06-09 | 03 | Cindy Morgan | Last call sent |
| 2008-06-09 | 03 | Cindy Morgan | State Changes to In Last Call from Last Call Requested by Cindy Morgan |
| 2008-06-09 | 03 | Ross Callon | State Changes to Last Call Requested from IESG Evaluation by Ross Callon |
| 2008-06-09 | 03 | Ross Callon | Last Call was requested by Ross Callon |
| 2008-06-09 | 03 | (System) | Ballot writeup text was added |
| 2008-06-09 | 03 | (System) | Last call text was added |
| 2008-06-09 | 03 | (System) | Ballot approval text was added |
| 2008-06-09 | 03 | Ross Callon | Removed from agenda for telechat - 2008-06-19 by Ross Callon |
| 2008-06-03 | 03 | Ross Callon | Placed on agenda for telechat - 2008-06-19 by Ross Callon |
| 2008-06-03 | 03 | Ross Callon | State Changes to IESG Evaluation from Publication Requested::External Party by Ross Callon |
| 2008-04-09 | 03 | Ross Callon | Draft Added by Ross Callon in state Publication Requested |
| 2008-03-18 | 01 | (System) | New version available: draft-ietf-isis-rfc3567bis-01.txt |
| 2008-01-17 | 00 | (System) | New version available: draft-ietf-isis-rfc3567bis-00.txt |