
RFC Editor

RFC 7474

Security Extension for OSPFv2 When Using Manual Key Management, April 2015

Status:
PROPOSED STANDARD
Updates:
RFC 2328, RFC 5709
Authors:
M. Bhatia
S. Hartman
D. Zhang
A. Lindem, Ed.
Stream:
IETF
Source:
ospf (rtg)


DOI:  https://doi.org/10.17487/RFC7474

Discuss this RFC: Send questions or comments to the mailing list lsr@ietf.org



Abstract

The current OSPFv2 cryptographic authentication mechanism as defined in RFCs 2328 and 5709 is vulnerable to both inter-session and intra-session replay attacks when using manual keying. Additionally, the existing cryptographic authentication mechanism does not cover the IP header. This omission can be exploited to carry out various types of attacks.

This document defines changes to the authentication sequence number mechanism that will protect OSPFv2 from both inter-session and intra-session replay attacks when using manual keys for securing OSPFv2 protocol packets. Additionally, we also describe some changes in the cryptographic hash computation that will eliminate attacks resulting from OSPFv2 not protecting the IP header.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.



