Routing Protocol Security Requirements BOF (rpsec)

Thursday, March 21 at 1300-1500
===============================

CHAIRS: Russ White
        Danny McPherson

Description
-----------

The lack of a common set of security requirements and methods for
routing protocols has resulted in a wide variety of security mechanisms
for individual routing protocols. Ongoing work on requirements for the
next generation routing system and future work on the actual mechanisms
for it will require well documented routing security requirements.

The products of this working group will be used by routing protocol
designers to ensure adequate coverage of security in the future,
including well known and possible threats. It is not the goal of this
working group to revisit current routing protocol security mechanisms.

The goal of this BOF is to discuss creation and charter of a WG in the
routing area that would be charged with the following tasks:

- Document threat models for routing protocols
- Document security requirements for routing protocols

Proposed WG milestones:

1. Jul 2002: Submit initial I-D (or set of I-Ds) which details the
   threats to routing protocols.
2. Oct 2002: Submit initial I-D (or set of I-Ds) which outlines
   security requirements for routing protocols.
3. Dec 2002: Submit I-Ds documenting threats to routing protocols for
   publication as Informational RFC.
4. Mar 2003: Submit the I-D documenting security requirements for
   routing protocols for publication as Informational RFC.
5. Mar 2003: Evaluate progress, recharter with new goals (see possible
   future work below) or shutdown.

BOF Agenda
----------

1. Agenda bashing
2. Overview of security issues in routing protocols
3. Overview of the current status of routing protocol security work
4. Presentation on proposed WG charter and milestones
5. Open mike (discussion, Q&As)

References
----------

1. Flaws in packet's authentication of OSPFv2, Jerome Etienne
   http://www.ietf.org/internet-drafts/draft-etienne-ospfv2-auth-flaws-00.txt
2. Flaws in RIPv2 packet's authentication, Jerome Etienne
   http://www.ietf.org/internet-drafts/draft-etienne-ripv2-auth-flaws-00.txt
3. BGP Security Vulnerabilities Analysis, S. Murphy
   http://www.ietf.org/internet-drafts/draft-murphy-bgp-vuln-00.txt
4. BGP Security Protections, S. Murphy
   http://www.ietf.org/internet-drafts/draft-murphy-bgp-protect-00.txt
5. OSPF with digital signature against an insider, Jerome Etienne
   http://www.ietf.org/internet-drafts/draft-etienne-rfc2154-flaws-00.txt
6. Secure BGP (S-BGP)
   http://www.net-tech.bbn.com/sbgp/draft-clynn-s-bgp-protocol-00.txt
7. OSPF Version 2 (RFC2328)
   http://www.ietf.org/rfc/rfc2328.txt
8. RIP-2 MD5 Authentication (RFC2082)
   http://www.ietf.org/rfc/rfc2082.txt
9. IS-IS Cryptographic Authentication
   http://www.ietf.org/internet-drafts/draft-ietf-isis-hmac-03.txt
10. Protection of BGP Sessions via the TCP MD5 Signature Option
    http://www.ietf.org/rfc/rfc2385.txt
    http://www.ietf.org/internet-drafts/draft-ietf-idr-rfc2385bis-00.txt

Possible Future Work
--------------------

- Document the feasibility of various types of security mechanisms
  within routing protocols
- Document requirements for new security mechanisms
- Document security requirements for the next generation routing system