Network Working Group Enke Chen Internet Draft Cisco Systems Expiration Date: July 2006 Albert Tian Redback Networks TTL-Based Security Option for the LDP Hello Message draft-chen-ldp-ttl-01.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Abstract To facilitate the deployment of the TTL-based security mechanism for LDP, in this document we propose a new optional parameter for the LDP Hello Message that can be used by a LSR to indicate its support of the TTL-based mechanism. Chen & Tian [Page 1] Internet Draft draft-chen-ldp-ttl-01.txt January 2006 1. Introduction The LDP [LDP] sessions established following the LDP basic discovery are between two directly connected LSRs. As a result, the TTL-based security mechanism described in [RFC3682] is fully applicable to such sessions. To deploy the TTL-based security mechanism, however, both LSRs involved in the LDP session must be coordinated and synchronized in setting and checking the TTL values. The coordination effort may not be trivial for a large network. To facilitate the deployment of the TTL-based security mechanism for LDP, in this document we propose a new optional parameter for the LDP Hello Message that can be used by a LSR to indicate its support of the TTL-based mechanism. 2. Specification of Requirements The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 3. Protocol Extension The new optional parameter for the LDP Hello Message is defined as the following: Optional Parameter: Support for TTL-based Security Type: See the IANA Considerations section Length: 0 U bit: 1 F bit: 0 This optional parameter MAY be used by a LSR to indicate its support for the TTL-based security mechanism [RFC3682]. When both LSRs exchanging the LDP Hello Messages support the TTL-based security mechanism, the LSRs MUST follow the TTL-based security procedures for the LDP peer to be established between them. More specifically, o The TTL field of an outbound packet for the LDP session MUST be set to the maximum value (255). o For an inbound packet to be accepted, the TTL field of the packet MUST be 255 if the TTL value is not decremented by the receiving LSR. Otherwise, the TTL field MUST be 254. The Chen & Tian [Page 2] Internet Draft draft-chen-ldp-ttl-01.txt January 2006 choice between these two values is implementation specific, and is a local matter. The optional parameter SHOULD NOT be included in a LDP targeted Hello Message sent by a LSR, and SHOULD be ignored in a targeted Hello Message received by a LSR. 4. IANA Considerations This document defines a new optional parameter for the LDP Hello Message. The type code needs to be assigned by IANA. 5. Security Considerations This extension to LDP does not change the underlying security properties with the TTL-based security mechanism [RFC3682]. This extension is only application to LDP peers as a result of the LDP basic discovery. For LDP sessions resulting from the LDP targeted discovery, the TCP MD5 is recommended by [LDP]. 6. Acknowledgments TBD 7. References 7.1. Normative References [LDP] L. Andersson, P. Doolan, N. Feldman, A. Fredette, and B. Thomas, "LDP Specification", RFC 3036, January 2001. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. 7.2. Non-normative References [RFC3682] V. Gill, J. Heasley, D. Meyer, "The Generalized TTL Security Mechanism (GTSM)", RFC 3682, February 2004. Chen & Tian [Page 3] Internet Draft draft-chen-ldp-ttl-01.txt January 2006 8. Author Information Enke Chen Cisco Systems, Inc. 170 W. Tasman Dr. San Jose, CA 95134 Email: enkechen@cisco.com Albert Tian Redback Networks, Inc. 300 Holger Way San Jose, CA 95134 Email: tian@redback.com 9. Full Copyright Notice Copyright (C) The Internet Society (2006). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Chen & Tian [Page 4]