OSPF with Digital Signatures (RFC2154)

IP.com Disclosure Number: IPCOM000002711D
Original Publication Date: 1997-Jun-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 23 page(s) / 68K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

S. Murphy: AUTHOR [+3]

Abstract

This memo describes the extensions to OSPF required to add digital signature authentication to Link State data, and to provide a certification mechanism for router data. Added LSA processing and key management is detailed. A method for migration from, or co-existence with, standard OSPF V2 is described.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 4% of the total text.

Network Working Group                                          S. Murphy
Request for Comments: 2154                                     M. Badger
Category: Experimental                                     B. Wellington
                                             Trusted Information Systems
                                                               June 1997

OSPF with Digital Signatures

Status of this Memo

This memo defines an Experimental Protocol for the Internet community. This memo does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited.

Abstract

This memo describes the extensions to OSPF required to add digital signature authentication to Link State data, and to provide a certification mechanism for router data. Added LSA processing and key management is detailed. A method for migration from, or co-existence with, standard OSPF V2 is described.

Table of Contents

1 Acknowledgements
2 Introduction
3 LSA Processing
3.1 Signed LSA
3.2 Router Public Key LSA (PKLSA)
3.3 MaxAge Processing
4 Key Management
4.1 Identifying Keys
4.1.1 Identifying Router Keys and PKLSAs
4.1.2 Identifying TE Public Keys
4.1.3 Key to use for Signing
4.1.4 Key to use for Verification
4.2 Trusted Entity (TE) Requirements
4.3 Scope for Keys and Signature Algorithms
4.4 Router Key Replacement
4.5 Trusted Entity Key Replacement
4.6 Flexible Cryptographic Environments
4.6.1 Multiple Signature Algorithms
4.6.2 Multiple Trusted Entities
4.6.3 Multiple Keys for One Router
5 Compatibility with Standard OSPF V2
6 Special Considerations/Restrictions for the ABR-ASBR
7 LSA formats
7.1 Router Public Key LSA...