Applicability of Keying Methods for RSVP Security
draft-behringer-tsvwg-rsvp-security-groupkeying-01.txt
70th IETF, Dec 2007
Michael Behringer
Francois Le Faucheur

Where are we coming from?
• Writing “Security Considerations” section for each new “RSVP extension for Foo” I-D (painfully) showed that:
  • Applicability of keying mechanisms for RSVP is not sufficiently documented
  • Existing key methods have limitations
  • New key methods (specifically “Dynamic Group Keying”) could help alleviate/remove some limitations

Objectives
• Document Key Types as well as Key Provisioning Methods that may be used for RSVP Security
• Discuss applicability of those to various deployment environments
• In doing so, explicitly cover the more “interesting” cases:
  • Single-domain & Multi-domain
  • Non-RSVP hops
  • Notify messages (non hop-by-hop)
  • Subverted node
  • RSVP Authentication & RSVP Encryption
  • RSVP Aggregation (over Aggregate RSVP, over RSVP-TE, over PCN clouds, ...)
• Intended Status: Informational

Dynamic Group Keying for RSVP
draft-weis-gdoi-for-rsvp
• Apply to RSVP the methods developed by MSEC for Multicast Security
• Use a group key server (GKS) to distribute group keys (GK) and policies to RSVP nodes; used for RSVP Authentication
• GDOI-distributed group keys are dynamically provisioned: easier to use than static peer/if keys
[Figure: a group key server (GKS) distributes the group key (GK) to routers R1 to R5 inside a zone of trust]
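
A simplified model of the trade-off on this slide, added here as an illustration and not taken from either draft: static per-neighbor keys verify only between the two provisioned peers, while a group key from the GKS lets any member verify, at the cost that the key proves group membership rather than sender identity. The `Node` class, the message layout and the key values are assumptions made for the example; this is not the RSVP wire format.

```python
import hashlib
import hmac

def tag(key: bytes, sender: str, seq: int, body: bytes) -> bytes:
    """Keyed digest over the claimed sender, a sequence number and the body."""
    data = sender.encode() + b"|" + seq.to_bytes(8, "big") + b"|" + body
    return hmac.new(key, data, hashlib.sha256).digest()

class Node:
    def __init__(self, name: str, group_key: bytes):
        self.name, self.group_key = name, group_key
        self.peer_keys = {}   # static per-neighbor keys, provisioned pairwise
        self.last_seq = {}    # highest sequence number accepted per sender

    def send(self, seq: int, body: bytes, peer: str = None):
        """Sign with the key for `peer`, or with the group key if peer is None."""
        key = self.peer_keys[peer] if peer else self.group_key
        return (self.name, seq, body, tag(key, self.name, seq, body))

    def accept(self, msg, group: bool) -> bool:
        sender, seq, body, mac = msg
        key = self.group_key if group else self.peer_keys.get(sender)
        if key is None:       # no key shared with this sender
            return False
        if not hmac.compare_digest(mac, tag(key, sender, seq, body)):
            return False
        if seq <= self.last_seq.get(sender, -1):   # replayed or stale
            return False
        self.last_seq[sender] = seq
        return True

def demo() -> dict:
    gk = b"constructed-group-key"            # would come from the GKS
    r1, r2, r5 = (Node(n, gk) for n in ("R1", "R2", "R5"))
    r1.peer_keys["R2"] = r2.peer_keys["R1"] = b"constructed-R1-R2-key"
    out = {}
    m = r1.send(1, b"PATH", peer="R2")       # per-neighbor key: only R2 verifies
    out["pairwise_at_R2"] = r2.accept(m, group=False)
    out["pairwise_at_R5"] = r5.accept(m, group=False)
    m = r1.send(2, b"PATH")                  # group key: any member verifies
    out["group_at_R5"] = r5.accept(m, group=True)
    out["replay_at_R5"] = r5.accept(m, group=True)
    # The group key proves membership, not which member sent the message:
    # a tag naming R1 verifies no matter which key holder computed it.
    m = ("R1", 3, b"PATH", tag(gk, "R1", 3, b"PATH"))
    out["any_member_as_R1"] = r5.accept(m, group=True)
    return out

if __name__ == "__main__":
    print(demo())
```

The last result is why the zone of trust matters: with a shared symmetric key, one subverted member affects the authenticity of messages from every member.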

Changes from 00 to 01
• Refocused Scope to complement RFC4230(*) and avoid overlap
  • From “RSVP Security Framework” to “Applicability of Keying Methods”
• Added discussion on relationship with RFC4230
• Added section on applicability to other RSVP Deployment Models:
  • RSVP Aggregation over Aggregate RSVP [RFC3175] [RFC4860]
  • RSVP Aggregation over RSVP-TE [RFC4804]
  • RSVP over PCN cloud
• Started discussing applicability to RSVP Encryption
• Added section on applicability to Notify
• Added section on end-host considerations
• Added text in Trust Model section to answer the “trust to do what?” question raised by Bob Briscoe on list
(*) RFC4230 = RSVP Security Properties

Next Steps
• Add discussion on issues & applicability to RSVP-TE & MPLS FRR environments
  • referenceable by draft-fang-mpls-and-gmpls-security-framework
• Expand discussion on RSVP Encryption

Questions
• What are the areas that need to be added, expanded, ...?
• We solicit review and further input