[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Evaluation: draft-ietf-isis-hmac - IS-IS Cryptographic Authentication to Informational
- To: Internet Engineering Steering Group <iesg@ietf.org>
- Subject: Evaluation: draft-ietf-isis-hmac - IS-IS Cryptographic Authentication to Informational
- From: IESG Secretary <iesg-secretary@ietf.org>
- Date: Fri, 23 May 2003 13:29:36 -0400
Last Call to expire on: 2003-5-16
Please return the full line with your position.
Yes No-Objection Discuss * Abstain
Harald Alvestrand [ ] [ ] [ ] [ ]
Steve Bellovin [ ] [ ] [ ] [ ]
Randy Bush [ ] [ ] [ ] [ ]
Bill Fenner [ ] [ ] [ ] [ ]
Ned Freed [ ] [ ] [ ] [ ]
Ted Hardie [ ] [ ] [ ] [ ]
Russ Housley [ ] [ ] [ ] [ ]
Allison Mankin [ ] [ ] [ ] [ ]
Thomas Narten [ ] [ ] [ ] [ ]
Erik Nordmark [ ] [ ] [ ] [ ]
Jon Peterson [ ] [ ] [ ] [ ]
Bert Wijnen [ ] [ ] [ ] [ ]
Alex Zinin [ X ] [ ] [ ] [ ]
2/3 (9) Yes or No-Objection opinions needed to pass.
* Indicate reason if 'Discuss'.
^L
To: IETF-Announce:;
Dcc: *******
Cc: RFC Editor <rfc-editor@isi.edu>,
Internet Architecture Board <iab@iab.org>, isis-wg@ietf.org
From: The IESG <iesg-secretary@ietf.org>
Subject: Document Action: IS-IS Cryptographic Authentication to
Informational
-------------
The IESG has approved the Internet-Draft 'IS-IS Cryptographic
Authentication' <draft-ietf-isis-hmac-04.txt> as an Informational RFC.
This document is the product of the IS-IS for IP Internets Working Group.
The IESG contact persons are Bill Fenner and Alex Zinin.
Technical Summary
This document describes the authentication of IS-IS PDUs using the
HMAC-MD5 algorithm as found in RFC 2104. IS-IS is specified in ISO
10589 and RFC 1142, with extensions to support IPv4 described in RFC
1195. The base specification includes an authentication mechanism
that allows for multiple authentication algorithms. The base
specification only specifies the algorithm for cleartext passwords.
This document proposes an extension to that specification that allows
the use of the HMAC-MD5 authentication algorithm to be used in
conjunction with the existing authentication mechanisms.
Working Group Summary
The draft documents a widely deployed mechanism.
Changes to the authentication mechanism described here (primarily: to
add a Key-ID field such as OSPFv2 and RIPv2 have) were considered at
some length, but ultimately were rejected. The mechanism here was
already widely implemented in 1999. As of this writing, this
mechanism is fairly widely deployed within the users interested in
cryptographic authentication of IS-IS. The improvement provided by
the proposed revised mechanism was not large enough to justify the
change, given the installed base and lack of operator interest in
deploying the proposed revised mechanism.
Protocol Quality
This specification was reviewed for IESG by Alex Zinin.
RFC Editor Note
Section "NORMATIVE REFERENCES"
OLD:
[1] ISO, "Intermediate System to Intermediate System Intra- Domain
Routing
Exchange Protocol for use in Conjunction with the Protocol for
Providing
the Connectionless-mode Network Service (ISO 8473)", International
Standard
10589 [Also republished as RFC 1142].
NEW:
[1] ISO, "Intermediate system to Intermediate system routeing
information exchange protocol for use in conjunction with the
Protocol for providing the Connectionless-mode Network Service
(ISO 8473)," ISO/IEC 10589:2002, Second Edition."