Evaluation: draft-ietf-isis-hmac - IS-IS Cryptographic Authentication to Informational

[IESG Secretary <iesg-secretary@ietf.org>]

Last Call to expire on: 2003-5-16

	Please return the full line with your position.

                    Yes    No-Objection  Discuss *  Abstain


Harald Alvestrand   [   ]     [   ]       [   ]      [   ]
Steve Bellovin      [   ]     [   ]       [   ]      [   ]
Randy Bush          [   ]     [   ]       [   ]      [   ]
Bill Fenner         [   ]     [   ]       [   ]      [   ]
Ned Freed           [   ]     [   ]       [   ]      [   ]
Ted Hardie          [   ]     [   ]       [   ]      [   ]
Russ Housley        [   ]     [   ]       [   ]      [   ]
Allison Mankin      [   ]     [   ]       [   ]      [   ]
Thomas Narten       [   ]     [   ]       [   ]      [   ]
Erik Nordmark       [   ]     [   ]       [   ]      [   ]
Jon Peterson        [   ]     [   ]       [   ]      [   ]
Bert Wijnen         [   ]     [   ]       [   ]      [   ]
Alex Zinin          [ X ]     [   ]       [   ]      [   ]


 2/3 (9) Yes or No-Objection opinions needed to pass.

 * Indicate reason if 'Discuss'.

^L
To: IETF-Announce:;
Dcc: *******
Cc: RFC Editor <rfc-editor@isi.edu>,
 Internet Architecture Board <iab@iab.org>, isis-wg@ietf.org
From: The IESG <iesg-secretary@ietf.org>
Subject: Document Action: IS-IS Cryptographic Authentication to 
         Informational
-------------


The IESG has approved the Internet-Draft 'IS-IS Cryptographic
Authentication' <draft-ietf-isis-hmac-04.txt> as an Informational RFC.
This document is the product of the IS-IS for IP Internets Working Group.
The IESG contact persons are Bill Fenner and Alex Zinin.
 
 
Technical Summary
 
      This document describes the authentication of IS-IS PDUs using the
      HMAC-MD5 algorithm as found in RFC 2104. IS-IS is specified in ISO
      10589 and RFC 1142, with extensions to support IPv4 described in RFC
      1195. The base specification includes an authentication mechanism
      that allows for multiple authentication algorithms. The base
      specification only specifies the algorithm for cleartext passwords.

      This document proposes an extension to that specification that allows
      the use of the HMAC-MD5 authentication algorithm to be used in
      conjunction with the existing authentication mechanisms.

Working Group Summary
 
      The draft documents a widely deployed mechanism.

      Changes to the authentication mechanism described here (primarily: to
      add a Key-ID field such as OSPFv2 and RIPv2 have) were considered at
      some length, but ultimately were rejected. The mechanism here was
      already widely implemented in 1999. As of this writing, this
      mechanism is fairly widely deployed within the users interested in
      cryptographic authentication of IS-IS. The improvement provided by
      the proposed revised mechanism was not large enough to justify the
      change, given the installed base and lack of operator interest in
      deploying the proposed revised mechanism.
 
Protocol Quality
 
      This specification was reviewed for IESG by Alex Zinin.

RFC Editor Note

Section "NORMATIVE REFERENCES"

OLD:

      [1] ISO, "Intermediate System to Intermediate System Intra- Domain
Routing
      Exchange Protocol for use in Conjunction with the Protocol for
Providing
      the Connectionless-mode Network Service (ISO 8473)", International
Standard
      10589 [Also republished as RFC 1142].

NEW:

      [1] ISO, "Intermediate system to Intermediate system routeing
              information exchange protocol for use in conjunction with the
              Protocol for providing the Connectionless-mode Network Service
              (ISO 8473)," ISO/IEC 10589:2002, Second Edition."