Babel Hashed Message Authentication Code (HMAC) Cryptographic Authentication
RFC 7298
Document | Type | RFC - Experimental (July 2014; No errata); Obsoleted by RFC 8967; Updates RFC 6126; Was draft-ovsienko-babel-hmac-authentication (individual)
---|---|---
 | Author | Denis Ovsienko
 | Last updated | 2014-07-11
 | Stream | ISE
 | Formats | plain text, html, pdf, htmlized, bibtex
 | IETF conflict review | conflict-review-ovsienko-babel-hmac-authentication
Stream | ISE state | Published RFC
 | Consensus Boilerplate | Unknown
 | Document shepherd | Adrian Farrel
 | Shepherd write-up | (last changed 2014-03-21)
IESG | IESG state | RFC 7298 (Experimental)
 | Telechat date |
 | Responsible AD | (None)
 | Send notices to | (None)
IANA | IANA review state | Version Changed - Review Needed
 | IANA action state | No IANA Actions
Independent Submission                                       D. Ovsienko
Request for Comments: 7298                                        Yandex
Updates: 6126                                                  July 2014
Category: Experimental
ISSN: 2070-1721

Babel Hashed Message Authentication Code (HMAC) Cryptographic Authentication

Abstract

   This document describes a cryptographic authentication mechanism for
   the Babel routing protocol. This document updates RFC 6126. The
   mechanism allocates two new TLV types for the authentication data,
   uses Hashed Message Authentication Code (HMAC), and is both optional
   and backward compatible.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for examination, experimental implementation, and
   evaluation.

   This document defines an Experimental Protocol for the Internet
   community. This is a contribution to the RFC Series, independently of
   any other RFC stream. The RFC Editor has chosen to publish this
   document at its discretion and makes no statement about its value for
   implementation or deployment. Documents approved for publication by
   the RFC Editor are not a candidate for any level of Internet Standard;
   see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc7298.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Table of Contents

   1. Introduction
      1.1. Requirements Language
   2. Cryptographic Aspects
      2.1. Mandatory-to-Implement and Optional Hash Algorithms
      2.2. Definition of Padding
      2.3. Cryptographic Sequence Number Specifics
      2.4. Definition of HMAC
   3. Updates to Protocol Data Structures
      3.1. RxAuthRequired
      3.2. LocalTS
      3.3. LocalPC
      3.4. MaxDigestsIn
      3.5. MaxDigestsOut
      3.6. ANM Table
      3.7. ANM Timeout
      3.8. Configured Security Associations
      3.9. Effective Security Associations
   4. Updates to Protocol Encoding
      4.1. Justification
      4.2. TS/PC TLV
      4.3. HMAC TLV
   5. Updates to Protocol Operation
      5.1. Per-Interface TS/PC Number Updates
      5.2. Deriving ESAs from CSAs
      5.3. Updates to Packet Sending
      5.4. Updates to Packet Receiving
      5.5. Authentication-Specific Statistics Maintenance
   6. Implementation Notes
      6.1. Source Address Selection for Sending
      6.2. Output Buffer Management
      6.3. Optimizations of Deriving Procedure for ESAs
      6.4. Duplication of Security Associations
   7. Network Management Aspects
      7.1. Backward Compatibility
      7.2. Multi-Domain Authentication
      7.3. Migration to and from Authenticated Exchange
      7.4. Handling of Authentication Key Exhaustion
   8. Security Considerations
   9. IANA Considerations
   10. Acknowledgements