Last Modified: 2005-05-20
Done | Submit initial I-D (or set of I-Ds) which details the threats to routing systems.
Done | Submit I-Ds documenting threats to routing systems for publication as Informational RFC.
Done | Submit initial I-D (or set of I-Ds) which outlines security requirements for routing systems.
Done | Recharter to include protocol-specific work.
Done | Submit initial I-D describing BGP Attack-Tree analysis.
Done | Submit initial I-D describing OSPF vulnerability analysis.
Done | Submit initial I-D describing BGP security requirements.
Oct 04 | Submit the I-D documenting security requirements to routing systems for publication as Informational RFC.
Oct 04 | Submit BGP Attack-Tree analysis for publication as Informational RFC.
Oct 04 | Submit OSPF vulnerability analysis for publication as Informational RFC.
Dec 04 | Submit BGP security requirements for publication as Informational RFC.
Mar 05 | Evaluate progress, recharter with new goals or shutdown.

Agenda

Current Status of Work

Efficient BGP Security
Meiyuan Zhao, presenter
Steve Kent: S-BGP doesn't suggest CRLs for AAs. Assumes 1 day or so updates.

Issues with RP Security Mechanisms
Russ White
Steve Kent: MD5 and HMAC constructs in current use not planned or valid. Current attacks not a problem for HMAC.
Acee Lindem: OSPF keys are per interface, not per router; LSAs are signed in transit between routers on a per packet basis, rather than a per LSA basis.
Sandy Murphy: Is the OSPF replay attack anything that can actually be used maliciously?
Richard ??: Draft didn't discuss need for confidentiality. ISIS within GRE tunnels and stuffed into IPsec. ISIS over IPsec.
Dave Ward: No need for tunneling, instead, consider using IS-IS over IP.
Acee Lindem: Use of GDOI would remove issues w/ automatic keying also eliminating broadcast and NBMA interfaces, only using p2p and p2mp. Also mentioned use of graceful restart for security