{"draft":"draft-ietf-ospf-security-extension-manual-keying-11","doc_id":"RFC7474","title":"Security Extension for OSPFv2 When Using Manual Key Management","authors":["M. Bhatia","S. Hartman","D. Zhang","A. Lindem, Ed."],"format":["ASCII","HTML"],"page_count":"14","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Open Shortest Path First IGP","abstract":"The current OSPFv2 cryptographic authentication mechanism as defined\r\nin RFCs 2328 and 5709 is vulnerable to both inter-session and intra-\r\nsession replay attacks when using manual keying.  Additionally, the\r\nexisting cryptographic authentication mechanism does not cover the IP\r\nheader.  This omission can be exploited to carry out various types of\r\nattacks.\r\n\r\nThis document defines changes to the authentication sequence number\r\nmechanism that will protect OSPFv2 from both inter-session and intra-\r\nsession replay attacks when using manual keys for securing OSPFv2\r\nprotocol packets.  Additionally, we also describe some changes in the\r\ncryptographic hash computation that will eliminate attacks resulting\r\nfrom OSPFv2 not protecting the IP header.","pub_date":"April 2015","keywords":["OSPF","cryptographic authentication","security","replay attacks"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC2328","RFC5709"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC7474","errata_url":null}