IS-IS Generic Cryptographic Authentication
RFC 5310
Document Type RFC - Proposed Standard (February 2009; Errata)
Updated by RFC 6232, RFC 6233
Last updated 2015-10-14
Stream IETF
Formats plain text pdf html bibtex
Reviews
SECDIR Last Call Review
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 5310 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Ross Callon
Send notices to (None)
Email authors IPR References Referenced by Nits 
Network Working Group                                          M. Bhatia
Request for Comments: 5310                                Alcatel-Lucent
Category: Standards Track                                      V. Manral
                                                             IP Infusion
                                                                   T. Li
                                                   Redback Networks Inc.
                                                             R. Atkinson
                                                        Extreme Networks
                                                                R. White
                                                           Cisco Systems
                                                                M. Fanto
                                                     Aegis Data Security
                                                           February 2009

               IS-IS Generic Cryptographic Authentication

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (http://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Abstract

   This document proposes an extension to Intermediate System to
   Intermediate System (IS-IS) to allow the use of any cryptographic
   authentication algorithm in addition to the already-documented
   authentication schemes, described in the base specification and RFC
   5304.  IS-IS is specified in International Standards Organization
   (ISO) 10589, with extensions to support Internet Protocol version 4
   (IPv4) described in RFC 1195.

Bhatia, et al.              Standards Track                     [Page 1]
RFC 5310          IS-IS Generic Crypto Authentication      February 2009

   Although this document has been written specifically for using the
   Hashed Message Authentication Code (HMAC) construct along with the
   Secure Hash Algorithm (SHA) family of cryptographic hash functions,
   the method described in this document is generic and can be used to
   extend IS-IS to support any cryptographic hash function in the
   future.

Table of Contents

   1. Introduction ....................................................2
      1.1. Conventions Used in This Document ..........................3
   2. IS-IS Security Association ......................................3
   3. Authentication Procedures .......................................4
      3.1. Authentication TLV .........................................4
      3.2. Authentication Process .....................................5
      3.3. Cryptographic Aspects ......................................5
      3.4. Procedures at the Sending Side .............................7
      3.5. Procedure at the Receiving Side ............................8
   4. Security Considerations .........................................8
   5. Acknowledgments .................................................9
   6. IANA Considerations ............................................10
   7. References .....................................................10
      7.1. Normative References ......................................10
      7.2. Informative References ....................................11

1.  Introduction

   The Intermediate System to Intermediate System (IS-IS) specification
   ([ISO], [RFC1195]) allows for authentication of its Protocol Data
   Units (PDUs) via the authentication TLV 10 that is carried as a part
   of the PDU.  The base specification has provision for only cleartext
   passwords and RFC 5304 [RFC5304] augments this to provide the
   capability to use Hashed Message Authentication Code - Message Digest
   5 (HMAC-MD5) authentication for its PDUs.

   The first octet of the value field of TLV 10 specifies the type of
   authentication to be carried out.  Type 0 is reserved, Type 1
   indicates a cleartext password, Type 54 indicates HMAC MD5, and Type
   255 is used for routing domain private authentication methods.  The
   remainder of the value field contains the actual authentication data,
   determined by the value of the authentication type.

   This document proposes a new authentication type to be carried in TLV
   10, called the generic cryptographic authentication (CRYPTO_AUTH).
   This can be used to specify any authentication algorithm for
Show full document text
ISOC IETF Trust RFC Editor IRTF IESG IETF IAB IASA & IAOC IETF Tools IANA