OSPF WG
Supporting Authentication Trailer for OSPFv3
draft-bhatia-manral-auth-trailer-ospfv3-01
Manav Bhatia, Alcatel-Lucent
Vishwas Manral, IP Infusion
Acee Lindem, Ericsson
IETF 79, Beijing

Introduction (1/2)
• OSPFv3 uses IPsec for authentication (RFC 4552)
• In some environments IPsec is difficult to maintain/configure and is not used
• Uses manual keying, so no replay protection, making it vulnerable to attacks described in RFC 6039
• Uses IPsec, which makes it a trifle more difficult to prioritize certain control packets

Introduction (2/2)
• OSPFv2 cryptographic authentication mechanism widely known/implemented/deployed
• Enhance OSPFv3 authentication procedure so that it uses a similar mechanism

Proposed Auth Mechanism
• Append a special data block - Authentication Trailer to the end of the OSPFv3 packets
• Only examined if AT bit is set in the Options field in Hello/DD packets
• Authentication mechanism exactly the same as described in RFC 5709

Figure (packet layout):
  IPv6 Payload Length = X + Y
  OSPFv3 Header Length = X
  | OSPFv3 Protocol Data (X) | OSPFv3 Authentication Trailer (Y) |
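
The length relationship in the figure above, as an added receiver-side example (not code from the draft or its authors): it bounds the trailer by the IPv6 payload length and the OSPFv3 length field, and reads the AT bit from Hello/DD Options. The `AT_BIT` value is an assumption taken from the later RFC 7166 assignment, `make_hello` is a hypothetical helper, and the trailer bytes are constructed opaque placeholders, not the draft's trailer format.

```python
import struct

OSPFV3_HDR_LEN = 16              # fixed OSPFv3 header size (RFC 5340)
AT_BIT = 0x000400                # assumption: value later assigned in RFC 7166
OPTIONS_OFFSET = {1: 21, 2: 17}  # Hello: after IfID(4)+Prio(1); DD: after 1 reserved byte


def split_auth_trailer(ipv6_payload: bytes):
    """Return (protocol_data, trailer, at_bit) for one received OSPFv3 packet.

    at_bit is True/False for Hello (type 1) and DD (type 2), None otherwise.
    Raises ValueError when the lengths are inconsistent.
    """
    total = len(ipv6_payload)                  # IPv6 Payload Length = X + Y
    if total < OSPFV3_HDR_LEN:
        raise ValueError("shorter than an OSPFv3 header")
    version, ptype, x = struct.unpack_from("!BBH", ipv6_payload, 0)
    if version != 3:
        raise ValueError("not an OSPFv3 packet")
    if not OSPFV3_HDR_LEN <= x <= total:       # X must fit inside the payload
        raise ValueError("OSPFv3 length field outside IPv6 payload")
    data, trailer = ipv6_payload[:x], ipv6_payload[x:]   # Y = total - X bytes
    at_bit = None
    off = OPTIONS_OFFSET.get(ptype)
    if off is not None:
        if x < off + 3:
            raise ValueError("Hello/DD too short to carry Options")
        at_bit = bool(int.from_bytes(data[off:off + 3], "big") & AT_BIT)
    return data, trailer, at_bit


def make_hello(options: int, trailer: bytes = b"") -> bytes:
    """Constructed sample Hello; the trailer bytes are opaque placeholders."""
    body = struct.pack("!IB", 1, 1) + options.to_bytes(3, "big")
    body += struct.pack("!HH4s4s", 10, 40, bytes(4), bytes(4))
    hdr = struct.pack("!BBH4s4sHBB", 3, 1, OSPFV3_HDR_LEN + len(body),
                      bytes([192, 0, 2, 1]), bytes(4), 0, 0, 0)
    return hdr + body + trailer


if __name__ == "__main__":
    for opts in (0x000413, 0x000013):          # AT bit set, then clear
        data, trailer, at = split_auth_trailer(make_hello(opts, b"\xaa" * 8))
        print(f"X={len(data)} Y={len(trailer)} AT={at} examine_trailer={bool(at)}")
```

A length field larger than the IPv6 payload is rejected before any slicing, so a forged X cannot make the receiver read past the packet.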