Babel Hashed Message Authentication Code (HMAC) Cryptographic Authentication
RFC 7298

Document type: RFC - Experimental (July 2014; No errata)
Updates: RFC 6126
Last updated: 2014-07-11
Stream: ISE
IETF conflict review: conflict-review-ovsienko-babel-hmac-authentication
ISE state: Published RFC
Document shepherd: Nevil Brownlee
Shepherd write-up: last changed 2014-03-21
IESG state: RFC 7298 (Experimental)
Responsible AD: (None)
Send notices to: (None)
IANA review state: Version Changed - Review Needed
IANA action state: No IC

Independent Submission                                       D. Ovsienko
Request for Comments: 7298                                        Yandex
Updates: 6126                                                  July 2014
Category: Experimental
ISSN: 2070-1721

            Babel Hashed Message Authentication Code (HMAC)
                      Cryptographic Authentication

Abstract

   This document describes a cryptographic authentication mechanism for
   the Babel routing protocol.  This document updates RFC 6126.  The
   mechanism allocates two new TLV types for the authentication data,
   uses Hashed Message Authentication Code (HMAC), and is both optional
   and backward compatible.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for examination, experimental implementation, and
   evaluation.

   This document defines an Experimental Protocol for the Internet
   community.  This is a contribution to the RFC Series, independently
   of any other RFC stream.  The RFC Editor has chosen to publish this
   document at its discretion and makes no statement about its value for
   implementation or deployment.  Documents approved for publication by
   the RFC Editor are not a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc7298.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.


Table of Contents

   1. Introduction
      1.1. Requirements Language
   2. Cryptographic Aspects
      2.1. Mandatory-to-Implement and Optional Hash Algorithms
      2.2. Definition of Padding
      2.3. Cryptographic Sequence Number Specifics
      2.4. Definition of HMAC
   3. Updates to Protocol Data Structures
      3.1. RxAuthRequired
      3.2. LocalTS
      3.3. LocalPC
      3.4. MaxDigestsIn
      3.5. MaxDigestsOut
      3.6. ANM Table
      3.7. ANM Timeout
      3.8. Configured Security Associations
      3.9. Effective Security Associations
   4. Updates to Protocol Encoding
      4.1. Justification
      4.2. TS/PC TLV
      4.3. HMAC TLV
   5. Updates to Protocol Operation
      5.1. Per-Interface TS/PC Number Updates
      5.2. Deriving ESAs from CSAs
      5.3. Updates to Packet Sending
      5.4. Updates to Packet Receiving
      5.5. Authentication-Specific Statistics Maintenance
   6. Implementation Notes
      6.1. Source Address Selection for Sending
      6.2. Output Buffer Management
      6.3. Optimizations of Deriving Procedure for ESAs
      6.4. Duplication of Security Associations
   7. Network Management Aspects
      7.1. Backward Compatibility
      7.2. Multi-Domain Authentication
      7.3. Migration to and from Authenticated Exchange
      7.4. Handling of Authentication Key Exhaustion
   8. Security Considerations