This document introduces a new optional Cryptographic Authentication
TLV that LDP can use to secure its Hello messages. It secures the
Hello messages against spoofing attacks and some well known attacks
against the IP header. This document describes a mechanism to secure
the LDP Hello messages using National Institute of Standards and
Technology (NIST) Secure Hash Standard family of algorithms.
Working Group Summary
Taking a mostly security document through a working group like MPLS
is a bit tricky. Most of the participants do not have there focus on
security issues. While a large majority agree that the security work has
a huge value, it is often not highest on the priority list for the average
Securing routing protocols, like LDP, started with a analysis done by
the KARP working group. KARP pointed to the UDP based Hello
messages as a potential risk.
The current draft has been developed by the MPLS working group and
reviewed by KARP during WGLC. The comments from people active in
KARP have been very valuable.
Currently we do not know of existing implementations of this draft,
The SecDir review from Yaron Sheffer took a while to resolve, but has
improved the document.
Adrian Farrel is the Responsible AD
Loa Andersson is the Document Shepherd.