IS-IS Generic Cryptographic Authentication
RFC 5310

Document history

Date Rev. By Action
2020-07-29
07 (System) Received changes through RFC Editor sync (removed Errata tag (all errata rejected))
2018-12-20
07 (System)
Received changes through RFC Editor sync (changed abstract to 'This document proposes an extension to Intermediate System to Intermediate System (IS-IS) to allow the use of any cryptographic authentication algorithm in addition to the already-documented authentication schemes, described in the base specification and RFC 5304. IS-IS is specified in International Standards Organization (ISO) 10589, with extensions to support Internet Protocol version 4 (IPv4) described in RFC 1195.

Although this document has been written specifically for using the Hashed Message Authentication Code (HMAC) construct along with the Secure Hash Algorithm (SHA) family of cryptographic hash functions, the method described in this document is generic and can be used to extend IS-IS to support any cryptographic hash function in the future. [STANDARDS-TRACK]')
2017-05-16
07 (System) Changed document authors from "Manav Bhatia" to "Manav Bhatia, Randall Atkinson, Tony Li, M Fanto, Vishwas Manral, Russ White"
2015-10-14
07 (System) Notify list changed from isis-chairs@ietf.org, draft-ietf-isis-hmac-sha@ietf.org to (None)
2009-02-11
07 Amy Vezza State Changes to RFC Published from RFC Ed Queue by Amy Vezza
2009-02-11
07 Amy Vezza [Note]: 'RFC 5310' added by Amy Vezza
2009-02-09
07 (System) RFC published
2008-12-19
07 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2008-12-19
07 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2008-12-19
07 (System) IANA Action state changed to In Progress from Waiting on Authors
2008-12-19
07 (System) IANA Action state changed to Waiting on Authors from In Progress
2008-12-16
07 (System) IANA Action state changed to In Progress
2008-12-15
07 Cindy Morgan State Changes to RFC Ed Queue from Approved-announcement sent by Cindy Morgan
2008-12-15
07 Cindy Morgan IESG state changed to Approved-announcement sent
2008-12-15
07 Cindy Morgan IESG has approved the document
2008-12-15
07 Cindy Morgan Closed "Approve" ballot
2008-12-13
07 Samuel Weiler Request for Last Call review by SECDIR Completed. Reviewer: Carl Wallace.
2008-12-12
07 (System) Removed from agenda for telechat - 2008-12-11
2008-12-11
07 Cindy Morgan State Changes to Approved-announcement to be sent from IESG Evaluation by Cindy Morgan
2008-12-11
07 Mark Townsley [Ballot Position Update] New position, No Objection, has been recorded by Mark Townsley
2008-12-11
07 Lisa Dusseault [Ballot Position Update] New position, No Objection, has been recorded by Lisa Dusseault
2008-12-11
07 Jon Peterson [Ballot Position Update] New position, No Objection, has been recorded by Jon Peterson
2008-12-11
07 Jari Arkko [Ballot Position Update] New position, Yes, has been recorded by Jari Arkko
2008-12-11
07 Chris Newman [Ballot Position Update] New position, No Objection, has been recorded by Chris Newman
2008-12-10
07 Jari Arkko
[Ballot comment]
Figure 1:

                  0                  1
                  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
                  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                  |    Type 10  |    Length    |
                  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                  |  Auth Type  |
                  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                  |            Key ID            |
                  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                  |                              |
                  +                              +
                  | Authentication Data (Variable)|
                  +                              +
                  |                              |
                  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

I found the formatting confusing. Does the missing
fourth octet mean that it is (a) reserved or (b)
omitted and Auth Type and Key ID are actually consecutive
fields? Please clarify.
2008-12-10
07 Cullen Jennings [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings
2008-12-10
07 David Ward [Ballot Position Update] Position for David Ward has been changed to Recuse from Yes by David Ward
2008-12-10
07 David Ward [Ballot Position Update] New position, Yes, has been recorded by David Ward
2008-12-10
07 Ron Bonica [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica
2008-12-10
07 Dan Romascanu [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu
2008-12-10
07 Lars Eggert
[Ballot comment]
Section 4., paragraph 7:
>    [RFC4086] contains helpful information on both key
>    generation techniques and cryptographic randomness.

  [RFC4086] isn't mentioned in the references.
2008-12-10
07 Lars Eggert [Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert
2008-12-09
07 Tim Polk [Ballot Position Update] New position, Yes, has been recorded by Tim Polk
2008-12-09
07 Russ Housley [Ballot Position Update] New position, No Objection, has been recorded by Russ Housley
2008-12-09
07 Magnus Westerlund [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund
2008-11-25
07 Ross Callon Placed on agenda for telechat - 2008-12-11 by Ross Callon
2008-11-25
07 Ross Callon State Changes to IESG Evaluation from Waiting for Writeup::AD Followup by Ross Callon
2008-11-25
07 Ross Callon [Ballot Position Update] New position, Yes, has been recorded for Ross Callon
2008-11-25
07 Ross Callon Ballot has been issued by Ross Callon
2008-11-25
07 Ross Callon Created "Approve" ballot
2008-11-18
07 (System) Sub state has been changed to AD Follow up from New Id Needed
2008-11-18
07 (System) New version available: draft-ietf-isis-hmac-sha-07.txt
2008-11-04
07 Ross Callon State Changes to Waiting for Writeup::Revised ID Needed from Waiting for AD Go-Ahead by Ross Callon
2008-11-04
07 (System) State has been changed to Waiting for AD Go-Ahead from In Last Call by system
2008-10-31
07 Amanda Baber
IANA Last Call comments:

Upon approval of this document, the IANA will add the following
to the "IS-IS Authentication Type Codes for TLV 10" registry at
http://www.iana.org/assignments/isis-tlv-codepoints

Reference: [RFC-isis-hmac-sha-05]
Registration Procedures: Expert Review
Initial contents of this sub-registry will be:

Value  Authentication Type Code      Reference
-----  ----------------------------  ----------------------
3      Cryptographic Authentication  [RFC-isis-hmac-sha-05]

We understand the above to be the only IANA Action for this document.
2008-10-30
06 (System) New version available: draft-ietf-isis-hmac-sha-06.txt
2008-10-23
07 Samuel Weiler Request for Last Call review by SECDIR is assigned to Carl Wallace
2008-10-23
07 Samuel Weiler Request for Last Call review by SECDIR is assigned to Carl Wallace
2008-10-21
07 Amy Vezza Last call sent
2008-10-21
07 Amy Vezza State Changes to In Last Call from Last Call Requested by Amy Vezza
2008-10-21
07 Ross Callon Last Call was requested by Ross Callon
2008-10-21
07 (System) Ballot writeup text was added
2008-10-21
07 (System) Last call text was added
2008-10-21
07 (System) Ballot approval text was added
2008-10-21
07 Ross Callon State Changes to Last Call Requested from Publication Requested by Ross Callon
2008-10-21
05 (System) New version available: draft-ietf-isis-hmac-sha-05.txt
2008-07-29
07 Ross Callon
PROTO Questionnaire and Write-up for: draft-ietf-isis-hmac-sha-04.txt

Shepherding WG-Chair: Chris Hopps (chopps@rawdofmt.org)

Questionnaire

    Q1) Have the chairs personally reviewed this version of the
    Internet Draft (ID), and in particular, do they believe
    this ID is ready to forward to the IESG for publication?

A1) Yes.

    Q2) Has the document had adequate review from both key WG
    members and key non-WG members? Do you have any concerns
    about the depth or breadth of the reviews that have been
    performed?

A2) Adequately reviewed.

    Q3) Do you have concerns that the document needs more review
    from a particular (broader) perspective (e.g., security,
    operational complexity, someone familiar with AAA, etc.)?

A3) No concerns.

    Q4) Do you have any specific concerns/issues with this
    document that you believe the ADs and/or IESG should be
    aware of? For example, perhaps you are uncomfortable with
    certain parts of the document, or have concerns whether
    there really is a need for it. In any event, if your issues
    have been discussed in the WG and the WG has indicated
    that it still wishes to advance the document, detail those
    concerns in the write-up.

A4) No concerns.

    Q5) How solid is the WG consensus behind this document? Does
    it represent the strong concurrence of a few individuals,
    with others being silent, or does the WG as a whole understand
    and agree with it?

A5) Strong Consensus.

    Q6) Has anyone threatened an appeal or otherwise indicated
    extreme discontent? If so, please summarise the areas of
    conflict in separate email to the Responsible Area Director.

A6) No.

    Q7) Have the chairs verified that the document adheres to
    all of the ID Checklist items?

A7) Yes.

    Q8) Is the document split into normative and informative
    references?  Are there normative references to IDs, where
    the IDs are not also ready for advancement or are otherwise
    in an unclear state? (note here that the RFC editor will
    not publish an RFC with normative references to IDs, it
    will delay publication until all such IDs are also ready
    for publication as RFCs.)

A8) The normative reference to RFC3567 is to an informational
    RFC. The standards track replacement is currently awaiting
    RFC number assignment and it should replace this reference.

    Q9) What is the intended status of the document? (e.g.,
    Proposed Standard, Informational?)

A9) Proposed Standard.

*** Write-up


** Technical Summary

This document updates the cryptographic security mechanism currently
deployed for IS-IS. Two key improvements are realized with the new
document. The first is the specification of stronger hash algorithms
(SHA-X) to replace the less strong MD5 algorithm used in the previous
specification. The second improvement is to establish the use of
key IDs to allow for better specification of security associations.
This allows for more efficient key replacement in an operating network.

** Working Group Summary

The consensus was moderately strong for this specification. The
specification updates an older security mechanism that various
consumers have deemed insecure (MD5) and thus cannot be used. The
need for the new scheme was accepted in the end with no controversy.
During development 2 conflicting but very similar drafts
were merged with both sets of authors now present on the current
document.

** Protocol Quality

There are currently no implementations of this specification.  As
noted in the "Working Group Summary" there is a need in the community
to replace the current cryptographic method used in IS-IS, with one
that allows for more secure hashing algorithms. At least one author
of the document is considered to be a security expert so the
security review is considered strong.
2008-04-10
07 Ross Callon Intended Status has been changed to Proposed Standard from None
2008-02-08
07 Ross Callon Draft Added by Ross Callon in state Publication Requested
2007-11-07
04 (System) New version available: draft-ietf-isis-hmac-sha-04.txt
2007-05-01
03 (System) New version available: draft-ietf-isis-hmac-sha-03.txt
2007-04-10
02 (System) New version available: draft-ietf-isis-hmac-sha-02.txt
2007-02-26
01 (System) New version available: draft-ietf-isis-hmac-sha-01.txt
2006-07-17
00 (System) New version available: draft-ietf-isis-hmac-sha-00.txt