Simple Authentication Schemes for the Asynchronous Layered Coding (ALC) and NACK-Oriented Reliable Multicast (NORM) Protocols
RFC 6584

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: RFC Editor <rfc-editor@rfc-editor.org>,
    rmt mailing list <rmt@ietf.org>,
    rmt chair <rmt-chairs@tools.ietf.org>
Subject: Protocol Action: 'Simple Authentication Schemes for the ALC and NORM Protocols' to Proposed Standard (draft-ietf-rmt-simple-auth-for-alc-norm-06.txt)

The IESG has approved the following document:
- 'Simple Authentication Schemes for the ALC and NORM Protocols'
  (draft-ietf-rmt-simple-auth-for-alc-norm-06.txt) as a Proposed Standard

This document is the product of the Reliable Multicast Transport Working
Group.

The IESG contact persons are David Harrington and Wesley Eddy.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-rmt-simple-auth-for-alc-norm/


Technical Summary

This document introduces four schemes that provide a per-packet
authentication and integrity service in the context of the ALC and NORM
protocols. The first scheme is based on digital signatures. Because it relies
on asymmetric cryptography, this scheme generates a high processing load at the
sender and to a lesser extent at a receiver, as well as a significant
transmission overhead. It is therefore well suited to low data rate sessions.
The second scheme relies on the Elliptic Curve Digital Signature Algorithm
(ECDSA). Although this approach also relies on asymmetric cryptography, the
processing load and the transmission overhead are significantly reduced
compared to traditional digital signature schemes. It is therefore well suited
to medium data rate sessions. The third scheme relies on a group Message
Authentication Code (MAC). Because this scheme relies on symmetric
cryptography, MAC calculation and verification are fast operations, which makes
it suited to high data rate sessions. However, it only provides a group
authentication and integrity service, which means that it only protects against
attackers that are not group members. Finally, the fourth scheme merges the
digital signature and group schemes, and is useful to mitigate DoS
attacks coming from attackers that are not group members.

The document specifies formats for the EXT_AUTH header extension type that both
the NORM and ALC protocol specifications provide. This allows these authentication
schemes to be used for these protocols as an alternative to IPsec for deployment
use cases where appropriate.

Working Group Summary

There is consensus in the WG to publish these documents.
The WG submitted the document for Experimental status, but following the
suggestion of the IESG, the document is being submitted as Proposed Standard.
An IETF LC for Proposed Standard status ends 1-25-12.

Document Quality

The document quality is high. The authors also published another similar
document describing the use of the more complex TESLA authentication technique
for these protocols and this document benefits from the reviews of that
document as well.

Personnel

Brian Adamson is the Document Shepherd.
Dave Harrington is the Responsible Area Director. 

RFC Editor Note

1) ALC and NORM should be expanded on first use.
2) Section 3.4 states:

   All receivers MUST recognize EXT_AUTH but MAY not be able to parse
   its content, for instance because they do not support digital
   signatures.

   Please replace MAY with might. (This text recurs in Sections 4.4, 5.4, and 6.4.)