Hi.
Yes, I'm making a last call comment on a document I edit :-)
During discussion of another document
(draft-ietf-karp-crypto-key-table), a routing directorate review
brought up the concern that we don't talk about time synchronization.
Without time synchronization, the wrong keys can be selected in certain
circumstances.
In some cases, time synchronization is required for replay detection,
although that is rare for routing protocols.
Those involved in the discussion of time synchronization and
draft-ietf-karp-crypto-key-table believed that draft-ietf-karp-ops-model
is a better place for a discussion of time synchronization than
draft-ietf-karp-crypto-key-table.
So, I'd like to propose the following text be added to security
considerations:
<t>Close synchronization of time can impact the security of
routing protocols in a number of ways. Time is used to control
when keys MAY begin being used and when they MUST NOT be used any
longer as described in <xref
target="i-d.ietf-karp-crypto-key-table"></xref>. Routers need to
have tight enough time synchronization that receivers permit a key
to be used prior to the first use of that key or availability will
be impacted. If time synchronization is too loose, then a key can
be used beyond its intended lifetime. The Network Time Protocol
(NTP) can be used to provide time synchronization. For some
protocols, time synchronization is also important for replay
detection.
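
An added example, not part of the original message or of either draft: a small Python model of the two failure modes the proposed text describes, traffic dropped at key rollover and a key accepted past its intended lifetime. The field names, the skew model (local clock = true time + skew) and all values are assumptions constructed for illustration.

```python
# Added illustration: names and values are constructed, not taken from the drafts.
from dataclasses import dataclass

@dataclass(frozen=True)
class Key:
    send_start: int    # sender may begin using the key (seconds)
    send_end: int      # sender must not use the key from here on
    accept_start: int  # receiver begins accepting the key
    accept_end: int    # receiver must not accept the key from here on

def sender_uses(key, local_now):
    return key.send_start <= local_now < key.send_end

def receiver_accepts(key, local_now):
    return key.accept_start <= local_now < key.accept_end

def outcome(key, true_now, sender_skew, receiver_skew):
    """Classify the key's state when each router reads true_now + its own skew."""
    sent = sender_uses(key, true_now + sender_skew)
    accepted = receiver_accepts(key, true_now + receiver_skew)
    if sent and not accepted:
        return "dropped"                 # availability is impacted
    if accepted and true_now >= key.accept_end:
        return "accepted-past-lifetime"  # slow receiver clock extends the key
    if sent and accepted:
        return "ok"
    return "key-not-in-use"

def required_accept_lead(max_skew):
    """Worst case: sender fast by max_skew, receiver slow by max_skew.

    The accept window must open this many seconds before send_start."""
    return 2 * max_skew

# Constructed sample: 10 s of accept margin on either side of the send window.
TIGHT = Key(send_start=1000, send_end=2000, accept_start=990, accept_end=2010)
# Same key with the accept window opened early enough for +/-15 s clocks.
WIDE = Key(1000, 2000, 1000 - required_accept_lead(15), 2010)

if __name__ == "__main__":
    for label, key, now, s_skew, r_skew in [
        ("synchronized", TIGHT, 1000, 0, 0),
        ("rollover, 15 s skew", TIGHT, 985, 15, -15),
        ("same skew, wider window", WIDE, 985, 15, -15),
        ("expiry, slow receiver", TIGHT, 2020, 0, -15),
    ]:
        print(f"{label:26s} -> {outcome(key, now, s_skew, r_skew)}")
```

Widening the accept window restores availability at rollover, but it does nothing for the expiry case: only tighter synchronization keeps a slow receiver from honouring the key after its intended end.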