Keying and Authentication for Routing Protocols (KARP) Overview, Threats, and Requirements
RFC 6862

Internet Engineering Task Force (IETF)                       G. Lebovitz
Request for Comments: 6862
Category: Informational                                        M. Bhatia
ISSN: 2070-1721                                           Alcatel-Lucent
                                                                 B. Weis
                                                           Cisco Systems
                                                              March 2013

         Keying and Authentication for Routing Protocols (KARP)
                  Overview, Threats, and Requirements

Abstract

   Different routing protocols employ different mechanisms for securing
   protocol packets on the wire.  While most already have some method
   for accomplishing cryptographic message authentication, in many cases
   the existing methods are dated, vulnerable to attack, and employ
   cryptographic algorithms that have been deprecated.  The "Keying and
   Authentication for Routing Protocols" (KARP) effort aims to overhaul
   and improve these mechanisms.  This document does not contain
   protocol specifications.  Instead, it defines the areas where
   protocol specification work is needed.  This document is a companion
   document to RFC 6518, "Keying and Authentication for Routing
   Protocols (KARP) Design Guidelines"; together they form the guidance
   and instruction KARP design teams will use to review and overhaul
   routing protocol transport security.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc6862.

Lebovitz, et al.              Informational                     [Page 1]
RFC 6862        KARP Overview, Threats, and Requirements      March 2013

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1.  Terminology  . . . . . . . . . . . . . . . . . . . . . . .  4
     1.2.  Requirements Language  . . . . . . . . . . . . . . . . . .  7
   2.  KARP Effort Overview . . . . . . . . . . . . . . . . . . . . .  7
     2.1.  KARP Scope . . . . . . . . . . . . . . . . . . . . . . . .  7
     2.2.  Incremental Approach . . . . . . . . . . . . . . . . . . .  8
     2.3.  Goals  . . . . . . . . . . . . . . . . . . . . . . . . . .  9
     2.4.  Non-Goals  . . . . . . . . . . . . . . . . . . . . . . . . 12
     2.5.  Audience . . . . . . . . . . . . . . . . . . . . . . . . . 12
   3.  Threats  . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
     3.1.  Threat Sources . . . . . . . . . . . . . . . . . . . . . . 13
       3.1.1.  OUTSIDERS  . . . . . . . . . . . . . . . . . . . . . . 13
       3.1.2.  Unauthorized Key Holder  . . . . . . . . . . . . . . . 14
         3.1.2.1.  Terminated Employee  . . . . . . . . . . . . . . . 15
       3.1.3.  BYZANTINE  . . . . . . . . . . . . . . . . . . . . . . 15
     3.2.  Threat Actions In Scope  . . . . . . . . . . . . . . . . . 16
     3.3.  Threat Actions Out of Scope  . . . . . . . . . . . . . . . 17
   4.  Requirements for KARP Work Phase 1: Update to a Routing
       Protocol's Existing Transport Security . . . . . . . . . . . . 18
   5.  Security Considerations  . . . . . . . . . . . . . . . . . . . 23
   6.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 24
   7.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 24
     7.1.  Normative References . . . . . . . . . . . . . . . . . . . 24
     7.2.  Informative References . . . . . . . . . . . . . . . . . . 24
