RFC 3562 (rfc3562) - Page 1 of 7
Key Management Considerations for the TCP MD5 Signature Option
Alternative Format: Original Text Document
Network Working Group M. Leech
Request for Comments: 3562 Nortel Networks
Category:Informational July 2003
Key Management Considerations for
the TCP MD5 Signature Option
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
The TCP MD5 Signature Option (RFC 2385), used predominantly by BGP,
has seen significant deployment in critical areas of Internet
infrastructure. The security of this option relies heavily on the
quality of the keying material used to compute the MD5 signature.
This document addresses the security requirements of that keying
material.
1. Introduction
The security of various cryptographic functions lies both in the
strength of the functions themselves against various forms of attack,
and also, perhaps more importantly, in the keying material that is
used with them. While theoretical attacks against the simple MAC
construction used in RFC 2385 are possible [MDXMAC], the number of
text-MAC pairs required to mount a forgery make it vastly more
probable that key-guessing is the main threat against RFC 2385.
We show a quantitative approach to determining the security
requirements of keys used with [RFC 2385], which tends to suggest the
following:
o Key lengths SHOULD be between 12 and 24 bytes, with larger keys
having effectively zero additional computational costs when
compared to shorter keys.
Leech Informational