An Overview of Cryptographic Authentication for OSPFv2

OSPF Working Group, December 1994
Fred Baker and Ran Atkinson

======== Objectives

o Protect OSPF routing updates from the passive (sniffing) attacks currently widespread in the Internet, which recover the cleartext simple password OSPF uses today.
o Use an authentication mechanism that is easily exported and used in many countries.
o Use an algorithm-independent mechanism so that changing algorithms later is easy.
o Define a default algorithm that is easy to implement, yet strong enough for now.
o Support smooth key rollover without requiring a key management protocol.
o Avoid patent complications.

======== Approach

o Re-use as much existing technology as possible (e.g. from SNMPv2).
o Make keyed MD5 the default authentication algorithm.
o Require manual key distribution for now.
o Provide hooks for later use of a future Internet Key Management Protocol (work in progress elsewhere in the IETF).
o Define a smooth key rollover procedure and require implementations to support more than one key.

======== Revised OSPF Packet Header Format

The fields below are the standard 16-byte OSPF packet header (with the checksum field zeroed) followed by an 8-byte authentication extension; the authentication data is appended after the OSPF data and is not counted in the OSPF Data Length.

 _________________________________________________________________________
|  Version Number |      Type       |         OSPF Data Length            |
|_________________|_________________|_____________________________________|
|                               Router ID                                 |
|_________________________________________________________________________|
|                                Area ID                                  |
|_________________________________________________________________________|
|      Reserved - Must be zero      | AuType=Keyed Message Digest Function|
|___________________________________|_____________________________________|
|      Reserved - Must be zero      |  Key Identifier  | Auth Data Length |
|___________________________________|__________________|__________________|
|                   Sequence Number (non-decreasing)                      |
|_________________________________________________________________________|
|                                                                         |
|                 (OSPF Data Length - 24) bytes of Data                   |
|                                                                         |
|_________________________________________________________________________|
|    Authentication Data (variable length; 16 bytes when MD5 is used)     |
|_________________________________________________________________________|

======== OSPF Authentication Keys

o Keys are associated with OSPF interfaces.
o Each key has an associated "Key Identifier," which is an opaque 8-bit value.
o Each key has a lifetime, but a lifetime of "infinite" is legal.
o An implementation must be able to store more than one (i.e. at least 2) keys per interface at a given time.
o The sender selects a valid key when creating the message and sends the message.
o The receiver uses the "Key Identifier" to select the correct key for received packets.
o A new key should begin being used several minutes before the old key's lifetime expires.
o Normally, key lifetimes will overlap somewhat so that key rollover is smooth.
o If the last key expires without a new key, the lifetime of that key is extended until either (1) the key is deleted by network management or (2) a new key is configured.
o Long term, the Internet needs to define and deploy a scalable key management protocol, but this specification only requires manual key distribution since no such key management protocol exists yet.
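The header layout and the key-rollover rules above, put together as a runnable Python example. This is added illustration, not code from the OSPF working group or any router implementation. It assumes an AuType code point of 2 for the keyed digest, a 24-byte header packed exactly as in the figure, and a keyed-MD5 construction of MD5 over the packet with the 16-byte key appended (the form RFC 2328 Appendix D later specified; the 1994 slides do not fix it). The sender picks the most recently started usable key so it switches early during the overlap, the receiver selects the key by Key Identifier, rejects a non-increasing sequence number, and a key chain whose last key has expired is treated as extended.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed constants for this example; the slides fix no numeric values.
OSPF_VERSION = 2
AUTYPE_KEYED_DIGEST = 2      # assumed code point for "Keyed Message Digest Function"
HEADER_LEN = 24              # 16-byte OSPF header + key id, auth length, sequence number
MD5_LEN = 16
HDR_FMT = ">BBHIIHHHBBI"     # the field layout of the figure above, big-endian


@dataclass
class Key:
    key_id: int                  # opaque 8-bit "Key Identifier"
    secret: bytes
    start: float                 # lifetime begins (seconds)
    stop: Optional[float]        # None means an "infinite" lifetime


def keyed_md5(packet_without_auth: bytes, secret: bytes) -> bytes:
    """Assumed construction: MD5 over the packet with the 16-byte key appended."""
    padded = secret.ljust(MD5_LEN, b"\0")[:MD5_LEN]
    return hashlib.md5(packet_without_auth + padded).digest()


def usable_keys(chain: List[Key], now: float) -> List[Key]:
    """Keys whose lifetime covers `now`. If every configured key has expired,
    the last one to expire is treated as extended, as the slides require."""
    live = [k for k in chain if k.start <= now and (k.stop is None or now <= k.stop)]
    if live:
        return live
    expired = [k for k in chain if k.stop is not None and now > k.stop]
    return [max(expired, key=lambda k: k.stop)] if expired else []


def select_send_key(chain: List[Key], now: float) -> Optional[Key]:
    """Sender prefers the most recently started usable key, so the new key
    takes over as soon as its lifetime opens while the old one is still valid."""
    live = usable_keys(chain, now)
    return max(live, key=lambda k: k.start) if live else None


def build_packet(key: Key, seq: int, router_id: int, area_id: int,
                 ptype: int, data: bytes) -> bytes:
    """Header + data, with the digest appended; Data Length excludes the digest."""
    header = struct.pack(HDR_FMT, OSPF_VERSION, ptype, HEADER_LEN + len(data),
                         router_id, area_id, 0, AUTYPE_KEYED_DIGEST,
                         0, key.key_id, MD5_LEN, seq)
    body = header + data
    return body + keyed_md5(body, key.secret)


def verify_packet(packet: bytes, chain: List[Key], now: float,
                  last_seq: int) -> Tuple[bool, str, int]:
    """Returns (accepted, reason, sequence number to remember for this neighbor)."""
    if len(packet) < HEADER_LEN:
        return False, "short packet", last_seq
    (ver, _ptype, length, _rid, _aid, rsv1, autype,
     rsv2, key_id, auth_len, seq) = struct.unpack(HDR_FMT, packet[:HEADER_LEN])
    if ver != OSPF_VERSION or autype != AUTYPE_KEYED_DIGEST or auth_len != MD5_LEN:
        return False, "unexpected version, AuType or auth length", last_seq
    if rsv1 or rsv2:
        return False, "reserved field not zero", last_seq
    if len(packet) != length + auth_len:
        return False, "length mismatch", last_seq
    # Receiver selects the key by Key Identifier, among keys still usable now.
    key = next((k for k in usable_keys(chain, now) if k.key_id == key_id), None)
    if key is None:
        return False, "unknown or expired key id %d" % key_id, last_seq
    body, digest = packet[:length], packet[length:]
    if not hmac.compare_digest(keyed_md5(body, key.secret), digest):
        return False, "digest mismatch", last_seq
    if seq < last_seq:                      # sequence number must be non-decreasing
        return False, "sequence number decreased (replay)", last_seq
    return True, "ok", seq


def rollover_demo() -> Dict[str, object]:
    """Two overlapping keys on one interface (constructed sample); returns each decision."""
    chain = [Key(1, b"old-secret", start=0, stop=1000),
             Key(2, b"new-secret", start=900, stop=None)]    # overlap from 900 to 1000
    out: Dict[str, object] = {}
    out["before"] = select_send_key(chain, 500).key_id        # 1: only the old key is live
    out["overlap"] = select_send_key(chain, 950).key_id       # 2: switch before old key expires
    pkt_old = build_packet(chain[0], 10, 0x0A000001, 0, 1, b"\0" * 8)
    out["old_key_during_overlap"] = verify_packet(pkt_old, chain, 950, 0)[0]   # accepted
    out["old_key_after_expiry"] = verify_packet(pkt_old, chain, 1200, 0)[0]    # rejected
    pkt_new = build_packet(chain[1], 11, 0x0A000001, 0, 1, b"\0" * 8)
    ok, _, last = verify_packet(pkt_new, chain, 1200, 10)
    out["new_key"] = ok                                        # accepted, last becomes 11
    out["replay"] = verify_packet(pkt_old, chain, 950, last)[0]  # seq 10 < 11: rejected
    tampered = bytearray(pkt_new)
    tampered[HEADER_LEN] ^= 0x01                               # flip one data bit
    out["tampered"] = verify_packet(bytes(tampered), chain, 1200, 0)[0]        # rejected
    lone = [Key(1, b"old-secret", start=0, stop=1000)]
    out["extended"] = select_send_key(lone, 5000).key_id      # 1: last key's lifetime extended
    return out
```

Note that `select_send_key` encodes the "several minutes before expiry" rule only indirectly: the operator configures the new key's start a few minutes ahead of the old key's stop, and the sender moves to it at that start. A receiver that still lacks the new key drops those packets, which is why the slides require every implementation to hold at least two keys per interface.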