{"draft":"draft-ietf-opsec-igp-crypto-requirements-04","doc_id":"RFC6094","title":"Summary of Cryptographic Authentication Algorithm Implementation Requirements for Routing Protocols","authors":["M. Bhatia","V. Manral"],"format":["ASCII","HTML"],"page_count":"11","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"Operational Security Capabilities for IP Network Infrastructure","abstract":"The routing protocols Open Shortest Path First version 2 (OSPFv2),\r\nIntermediate System to Intermediate System (IS-IS), and Routing\r\nInformation Protocol (RIP) currently define cleartext and MD5\r\n(Message Digest 5) methods for authenticating protocol packets.\r\nRecently, effort has been made to add support for the SHA (Secure\r\nHash Algorithm) family of hash functions for the purpose of\r\nauthenticating routing protocol packets for RIP, IS-IS, and OSPF.\r\n\r\nTo encourage interoperability between disparate implementations, it\r\nis imperative that we specify the expected minimal set of algorithms,\r\nthereby ensuring that there is at least one algorithm that all\r\nimplementations will have in common.\r\n\r\nSimilarly, RIP for IPv6 (RIPng) and OSPFv3 support IPsec algorithms\r\nfor authenticating their protocol packets.\r\n\r\nThis document examines the current set of available algorithms, with\r\ninteroperability and effective cryptographic authentication\r\nprotection being the principal considerations.  Cryptographic\r\nauthentication of these routing protocols requires the availability\r\nof the same algorithms in disparate implementations.  It is desirable\r\nthat newly specified algorithms should be implemented and available\r\nin routing protocol implementations because they may be promoted to\r\nrequirements at some future time.  This document is not an Internet \r\nStandards Track specification; it is published for informational purposes.","pub_date":"February 2011","keywords":["IGP security"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC6094","errata_url":null}