The Key MAnagement for RouTing protocols (KMART) BOF was Wednesday afternoon. Its primary goal was to improve mutual understanding between the Routing and Security Areas on the operational and protocol realities of routing security, threats against routing security, and what automated key management is and can do for you. It succeeded and seemed to presage improved cooperation between the areas.

A number of excellent presentations were made on requirements, existing routing security problems and a history of attacks, operational characteristics of BGP, and key management. The BoF was well attended and the Routing and Security ADs were there. Some ISP people came to the mike and told us what problems they felt were the most pressing to solve.

A list of four problems with link state routing was presented, with no disagreement, in which it was thought that the first three were reasonably soluble and the fourth more problematic: (1) weak algorithms, (2) poor key rollover / lack of key IDs, (3) lack of replay protection, and (4) multicast security.

There was a desire for the Security Area to revisit RFC 3365 with respect to the routing protocol environment and for the Routing Area to pursue completion of some of the authentication work in the pipeline with renewed vigor. The TCP Authentication Option, which is proceeding in parallel, was cited several times.

Donald (co-chair with Acee Lindem)
====================================================
Donald E. Eastlake 3rd +1-508-786-7554 (work)
Motorola Laboratories
111 Locke Drive
Marlborough, MA 01752 USA
Donald.Eastlake at motorola.com