Babel Hashed Message Authentication Code (HMAC) Cryptographic Authentication
RFC 7298
| Document | Type |
RFC - Experimental
(July 2014; No errata)
Updates RFC 6126
Was draft-ovsienko-babel-hmac-authentication (individual)
|
|
|---|---|---|---|
| Last updated | 2014-07-11 | ||
| Stream | ISE | ||
| Formats | plain text pdf html bibtex | ||
| IETF conflict review | conflict-review-ovsienko-babel-hmac-authentication | ||
| Stream | ISE state | Published RFC | |
| Consensus Boilerplate | Unknown | ||
| Document shepherd | Nevil Brownlee | ||
| Shepherd write-up | Show (last changed 2014-03-21) | ||
| IESG | IESG state | RFC 7298 (Experimental) | |
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
| IANA | IANA review state | Version Changed - Review Needed | |
| IANA action state | No IC | ||
Independent Submission D. Ovsienko
Request for Comments: 7298 Yandex
Updates: 6126 July 2014
Category: Experimental
ISSN: 2070-1721
Babel Hashed Message Authentication Code (HMAC)
Cryptographic Authentication
Abstract
This document describes a cryptographic authentication mechanism for
the Babel routing protocol. This document updates RFC 6126. The
mechanism allocates two new TLV types for the authentication data,
uses Hashed Message Authentication Code (HMAC), and is both optional
and backward compatible.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for examination, experimental implementation, and
evaluation.
This document defines an Experimental Protocol for the Internet
community. This is a contribution to the RFC Series, independently
of any other RFC stream. The RFC Editor has chosen to publish this
document at its discretion and makes no statement about its value for
implementation or deployment. Documents approved for publication by
the RFC Editor are not a candidate for any level of Internet
Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7298.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Ovsienko Experimental [Page 1]
RFC 7298 Babel HMAC Cryptographic Authentication July 2014
Table of Contents
1. Introduction ....................................................3
1.1. Requirements Language ......................................5
2. Cryptographic Aspects ...........................................5
2.1. Mandatory-to-Implement and Optional Hash Algorithms ........5
2.2. Definition of Padding ......................................6
2.3. Cryptographic Sequence Number Specifics ....................8
2.4. Definition of HMAC .........................................9
3. Updates to Protocol Data Structures ............................11
3.1. RxAuthRequired ............................................11
3.2. LocalTS ...................................................11
3.3. LocalPC ...................................................11
3.4. MaxDigestsIn ..............................................11
3.5. MaxDigestsOut .............................................12
3.6. ANM Table .................................................12
3.7. ANM Timeout ...............................................13
3.8. Configured Security Associations ..........................14
3.9. Effective Security Associations ...........................16
4. Updates to Protocol Encoding ...................................17
4.1. Justification .............................................17
4.2. TS/PC TLV .................................................19
4.3. HMAC TLV ..................................................20
5. Updates to Protocol Operation ..................................21
5.1. Per-Interface TS/PC Number Updates ........................21
5.2. Deriving ESAs from CSAs ...................................23
5.3. Updates to Packet Sending .................................25
5.4. Updates to Packet Receiving ...............................28
5.5. Authentication-Specific Statistics Maintenance ............30
6. Implementation Notes ...........................................31
6.1. Source Address Selection for Sending ......................31
6.2. Output Buffer Management ..................................31
6.3. Optimizations of Deriving Procedure for ESAs ..............32
6.4. Duplication of Security Associations ......................33
7. Network Management Aspects .....................................34
7.1. Backward Compatibility ....................................34
7.2. Multi-Domain Authentication ...............................35
7.3. Migration to and from Authenticated Exchange ..............36
7.4. Handling of Authentication Key Exhaustion .................37
8. Security Considerations ........................................38
Show full document text