RFC 2154 (rfc2154) - Page 3 of 29


OSPF with Digital Signatures



RFC 2154              OSPF with Digital Signatures             June 1997


   The basic idea of this proposal is to add digital signatures to OSPF
   LSA data, distribute certified router information and keys, and use a
   neighbor-to-neighbor authentication algorithm (like keyed MD5) to
   protect local protocol exchanges.  The content of a Hello packet,
   Link State Request, Link State Update, or Database Description will
   be protected by the neighbor-to-neighbor algorithm.  The LSAs that
   are being flooded inside the Link State Update packets are
   individually protected by a digital signature.  Each LSA will be
   signed by the originator of that information and the signature will
   stay with the data in its travels via OSPF flooding.  This will
   provide end-to-end integrity and authentication for LSA data. The
   digital signature attached to an LSA by the source router provides
   assurance that the data comes from the advertising router.  It will
   also ensure that the data has not been modified by some other router
   in the course of flooding.  In the case where incorrect routing data
   is originated by a faulty router, the signature will identify the
   source of the problem.

   Digital signatures are implemented using public key cryptography.
   There are some good books on the subject of cryptography [6], but the
   high-level view of how this design uses public key cryptography is as
   follows: Each router has a pair of keys, a public key and a private
   key.  The private key is used to generate a unique signature of a
   block of data (in this case, the LSA). Each router signs its LSAs by
   first running a one-way hash algorithm (like MD5 or SHA) on the data,
   and then using its private key to sign the digest.  The signature of
   an LSA is appended to the LSA. The public key can be used by any
   other router to verify the signature.  The private key must be kept
   secret by one router and the public key must be distributed to all
   the routers that will receive link state information from the signer.
   The distribution is accomplished by creating a new LSA, the Public
   Key LSA (PKLSA), and distributing it via the standard OSPF flooding
   procedure.  Flooding will ensure that a router's public key is sent
   everywhere that the router's signed LSAs are sent.
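   As an added illustration (not part of RFC 2154 or of any OSPF implementation), the Go program below walks through the signing and verification flow described above together with the Trusted Entity certificate check that the next paragraph introduces: the TE signs a certificate carrying the router id, role, address ranges, timestamp and public key; the originating router hashes its LSA and signs the digest; a receiver checks the certificate against the TE key before checking the LSA signature. Ed25519 and SHA-256 are assumed stand-ins for the signature scheme and the MD5/SHA hash named in the text, and the certificate serialisation, field values and LSA bodies are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Certificate is a constructed stand-in for the certified router information the text lists.
type Certificate struct {
	RouterID, Role, Ranges, Time string // id, role, advertisable address ranges, timestamp
	PubKey                       ed25519.PublicKey
	TESig                        []byte // TE signature over tbs()
}
// tbs serialises every certified field so the TE signature covers all of them.
func (c Certificate) tbs() []byte {
	return []byte(c.RouterID + "|" + c.Role + "|" + c.Ranges + "|" + c.Time + "|" + string(c.PubKey))
}

// Issue signs the certificate with the TE private key.
func Issue(tePriv ed25519.PrivateKey, c Certificate) Certificate { c.TESig = ed25519.Sign(tePriv, c.tbs()); return c }
// digest is the one-way hash step (SHA-256 stands in for the MD5/SHA named in the text).
func digest(b []byte) []byte { d := sha256.Sum256(b); return d[:] }
// SignLSA signs the digest with the originator's private key; the signature then travels with the LSA.
func SignLSA(priv ed25519.PrivateKey, lsa []byte) []byte { return ed25519.Sign(priv, digest(lsa)) }

// VerifyLSA follows the receiver's order in the text: TE key validates the PKLSA certificate, then the certified router key validates the LSA.
func VerifyLSA(tePub ed25519.PublicKey, cert Certificate, advRouter string, lsa, sig []byte) bool {
	if cert.RouterID != advRouter || !ed25519.Verify(tePub, cert.tbs(), cert.TESig) {
		return false // certificate not issued by the TE, or not for the advertising router
	}
	return ed25519.Verify(cert.PubKey, digest(lsa), sig)
}

// Scenario reports: genuine LSA accepted, LSA altered in flooding rejected, LSA under a certificate the TE never issued rejected.
func Scenario() (genuine, alteredRejected, selfCertRejected bool) {
	tePub, tePriv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	rPub, rPriv, _ := ed25519.GenerateKey(nil)
	cert := Issue(tePriv, Certificate{"1.1.1.1", "internal", "10.0.0.0/24", "1997-06", rPub, nil})
	lsa := []byte("router-LSA 1.1.1.1: 10.0.0.0/24 cost 10") // constructed LSA body
	sig := SignLSA(rPriv, lsa)
	altered := []byte("router-LSA 1.1.1.1: 10.0.0.0/24 cost 1") // body changed by a router along the flood
	iPub, iPriv, _ := ed25519.GenerateKey(nil)                  // key pair the TE never certified
	selfCert := Issue(iPriv, Certificate{"1.1.1.1", "internal", "10.0.0.0/24", "1997-06", iPub, nil})
	return VerifyLSA(tePub, cert, "1.1.1.1", lsa, sig), !VerifyLSA(tePub, cert, "1.1.1.1", altered, sig),
		!VerifyLSA(tePub, selfCert, "1.1.1.1", altered, SignLSA(iPriv, altered))
}

func main() { fmt.Println(Scenario()) }
```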

   Any router can send out a public key and claim to be a given router,
   so the public key itself provides no assurance of the actual identity
   of the sender. This assurance must be provided by a Trusted Entity.
   The Trusted Entity (TE) is a system that generates certificates for
   routers.  A certificate is a packet of information about a router
   that identifies the router and supplies a public key. Certified
   router information will include the router id, its role, the address
   ranges that the router may advertise, a timestamp and the router's
   public key. The certificate is signed by the TE.  Each router must be
   configured with a certificate and a TE public key to use in verifying
   other routers' certificates.  A router's PKLSA contains the certificate
   for that router.  A router receiving a PKLSA verifies the certificate
   using the TE public key, and then verifies the whole LSA using the



Murphy, et. al.               Experimental