Network Working Group M. Bhatia
Request for Comments: 5310 Alcatel-Lucent
Category: Standards Track V. Manral
IP Infusion
T. Li
Redback Networks Inc.
R. Atkinson
Extreme Networks
R. White
Cisco Systems
M. Fanto
Aegis Data Security
February 2009
IS-IS Generic Cryptographic Authentication
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (http://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Abstract
This document proposes an extension to Intermediate System to
Intermediate System (IS-IS) to allow the use of any cryptographic
authentication algorithm in addition to the already-documented
authentication schemes, described in the base specification and RFC
5304. IS-IS is specified in International Standards Organization
(ISO) 10589, with extensions to support Internet Protocol version 4
(IPv4) described in RFC 1195.
Bhatia, et al. Standards Track [Page 1]RFC 5310 IS-IS Generic Crypto Authentication February 2009
Although this document has been written specifically for using the
Hashed Message Authentication Code (HMAC) construct along with the
Secure Hash Algorithm (SHA) family of cryptographic hash functions,
the method described in this document is generic and can be used to
extend IS-IS to support any cryptographic hash function in the
future.
Table of Contents
1. Introduction ....................................................2
1.1. Conventions Used in This Document ..........................3
2. IS-IS Security Association ......................................3
3. Authentication Procedures .......................................4
3.1. Authentication TLV .........................................4
3.2. Authentication Process .....................................5
3.3. Cryptographic Aspects ......................................5
3.4. Procedures at the Sending Side .............................7
3.5. Procedure at the Receiving Side ............................8
4. Security Considerations .........................................8
5. Acknowledgments .................................................9
6. IANA Considerations ............................................10
7. References .....................................................10
7.1. Normative References ......................................10
7.2. Informative References ....................................11
1. Introduction
The Intermediate System to Intermediate System (IS-IS) specification
([ISO], [RFC1195]) allows for authentication of its Protocol Data
Units (PDUs) via the authentication TLV 10 that is carried as a part
of the PDU. The base specification has provision for only cleartext
passwords and RFC 5304 [RFC5304] augments this to provide the
capability to use Hashed Message Authentication Code - Message Digest
5 (HMAC-MD5) authentication for its PDUs.
The first octet of the value field of TLV 10 specifies the type of
authentication to be carried out. Type 0 is reserved, Type 1
indicates a cleartext password, Type 54 indicates HMAC MD5, and Type
255 is used for routing domain private authentication methods. The
remainder of the value field contains the actual authentication data,
determined by the value of the authentication type.
datatracker.ietf.org