论文信息 - Standards Maturity Variance Regarding the TCP MD5 Signature Option (RFC 2385) and the BGP-4 Specification

Standards Maturity Variance Regarding the TCP MD5 Signature Option (RFC 2385) and the BGP-4 Specification

The IETF Standards Process requires that all normative references for a document be at the same or higher level of standardization. RFC 2026 section 9.1 allows the IESG to grant a variance to the standard practices of the IETF. This document explains why the IESG is considering doing so for the revised version of the BGP-4 specification, which refers normatively to RFC 2385, "Protection of BGP Sessions via the TCP MD5 Signature Option". RFC 2385 will remain at the Proposed Standard level. This memo provides information for the Internet community.

Steven M. Bellovin | Alex Zinin | S. Bellovin | A. Zinin

[1] Lyman Chapin,et al. The Internet Standards Process , 1992, RFC.

[2] Ronald L. Rivest,et al. The MD5 Message-Digest Algorithm , 1992, RFC.

[3] Stephen T. Kent,et al. Security Architecture for the Internet Protocol , 1998, RFC.

[4] Bart Preneel,et al. MDx-MAC and Building Fast MACs from Hash Functions , 1995, CRYPTO.

[5] Charles Lynn,et al. Secure Border Gateway Protocol (Secure-BGP) , 2000 .

[6] Andy Heffernan,et al. Protection of BGP Sessions via the TCP MD5 Signature Option , 1998, RFC.

[7] Scott O. Bradner,et al. The Internet Standards Process - Revision 3 , 1996, RFC.

[8] Christopher Allen,et al. The TLS Protocol Version 1.0 , 1999, RFC.

[9] Laurent Joncheray. A Simple Active Attack Against TCP , 1995, USENIX Security Symposium.

[10] Marcus D. Leech. Key Management Considerations for the TCP MD5 Signature Option , 2003, RFC.

[11] Ina Minei,et al. LDP Specification , 2007, RFC.

[12] Bart Preneel,et al. On the Security of Two MAC Algorithms , 1996, EUROCRYPT.

[13] Hugo Krawczyk,et al. HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[14] Xiaoyun Wang,et al. How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[15] Yakov Rekhter,et al. A Border Gateway Protocol 4 (BGP-4) , 1994, RFC.