RSVP Security Properties (draft-ietf-nsis-rsvp-sec-properties-02.txt)
Author: Hannes Tschofenig

Update
• Based on comments I removed IPsec handling from Section 4 (“Detailed Security Properties Discussion”)
  • Reason: IPsec handling is not the suggested RSVP security mechanism (only some RFCs briefly mention the usage of IPsec)
• Section 5 (Miscellaneous Issues) still covers IPsec handling

Update
• Appendix A on “Dictionary Attacks and Kerberos” shortened
• Additionally some typos and grammar problems have been fixed.
• RSVP security literature briefly mentioned in Appendix C.
• Draft is therefore shorter BUT ...

What is still missing?
• Multicast issues not covered in detail
  • It seems that there is a lack of interest in multicast handling in general!
  • Should it be skipped?
• I started to add some references/short description to other RSVP related security activities
  • Is this helpful?
• Biggest Issue: Authorization / User Identity Representation

Authorization / User Identity Representation
• Currently the draft does not describe too much about authorization.
• Reason 1: The topic is fairly large.
  • draft-tschofenig-nsis-qos-authz-issues-00.txt
  • draft-tschofenig-nsis-aaa-issues-01.txt
  • Analysis of Mobile IP and RSVP Interactions (M. Thomas)
  • Accounting and Access Control for Multicast Distributions: Models and Mechanisms
  • etc.

Authorization / User Identity Representation
• Reason 2: An analysis is difficult.
  • RSVP related RFCs do not go into the details.
  • What is the expected behavior?
  • Comparison only useful if this behavior can be compared against the currently available mechanisms.
  • Big difference in the expected behavior.
Something should be covered in the draft – but what?

Next Steps
• Incorporate comments.