70th IETF, Dec 2007  Michael Behringer Francois Le Faucheur

Applicability of Keying Methods for RSVP Security (draft-behringer-tsvwg-rsvp-security-groupkeying-01.txt)


Presentation Transcript


  1. Applicability of Keying Methods for RSVP Security
     draft-behringer-tsvwg-rsvp-security-groupkeying-01.txt
     70th IETF, Dec 2007
     Michael Behringer, Francois Le Faucheur

  2. Where are we coming from?
     • Writing “Security Considerations” section for each new “RSVP extension for Foo” I-D (painfully) showed that:
       • Applicability of keying mechanisms for RSVP is not sufficiently documented
       • Existing key methods have limitations
       • New key methods (specifically “Dynamic Group Keying”) could help alleviate/remove some limitations

  3. Objectives
     • Document Key Types as well as Key Provisioning Methods that may be used for RSVP Security
     • Discuss applicability of those to various deployment environments
     • In doing so, explicitly cover the more “interesting” cases:
       • Single-domain & Multi-domain
       • Non-RSVP hops
       • Notify messages (non hop-by-hop)
       • Subverted node
       • RSVP Authentication & RSVP Encryption
       • RSVP Aggregation (over Aggregate RSVP, over RSVP-TE, over PCN clouds, ...)
     • Intended Status: Informational

  4. Dynamic Group Keying for RSVP (draft-weis-gdoi-for-rsvp)
     • Apply to RSVP the methods developed by MSEC for Multicast Security
     • Use a group key server (GKS) to distribute group keys (GK) and policies to RSVP nodes; used for RSVP Authentication
     • GDOI distributed group keys are dynamically provisioned → easier to use than static peer/if keys
     [Diagram: a GKS distributing the GK to routers R1 to R5 inside a zone of trust]

  5. Changes from 00 to 01
     • Refocused Scope to complement RFC4230(*) and avoid overlap
       • From “RSVP Security Framework” to “Applicability of Keying Methods”
       • Added discussion on relationship with RFC4230
     • Added section on applicability to other RSVP Deployment Models:
       • RSVP Aggregation over Aggregate RSVP [RFC3175] [RFC4860]
       • RSVP Aggregation over RSVP-TE [RFC4804]
       • RSVP over PCN cloud
     • Started discussing applicability to RSVP Encryption
     • Added section on applicability to Notify
     • Added section on end-host considerations
     • Added text in Trust Model section to answer the “trust to do what?” question raised by Bob Briscoe on list
     (*) RFC4230 = RSVP Security Properties

  6. Next Steps
     • Add discussion on issues & applicability to RSVP-TE & MPLS FRR environments
       • referenceable by draft-fang-mpls-and-gmpls-security-framework
     • Expand discussion on RSVP Encryption

  7. Questions
     • What are the areas that need to be added, expanded, ...?
     • We solicit review and further input
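
Added example, not taken from the slides or the draft: a sketch of the trade-off behind slides 3 and 4, comparing static per-neighbor keys with one group key for a non-hop-by-hop Notify and for a subverted group member. The message layout, the use of HMAC-SHA256, the node names and all function names are assumptions for illustration and are not the RSVP INTEGRITY object format.

```python
import hashlib
import hmac
import os

def tag(key, sender, seq, body):
    """Keyed digest over sender id, sequence number and body (toy layout)."""
    msg = sender.encode() + b"|" + seq.to_bytes(8, "big") + b"|" + body
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify(key, sender, seq, body, digest):
    return hmac.compare_digest(tag(key, sender, seq, body), digest)

def per_neighbor_keys(links):
    """Static peer keys: one key per adjacency, held only by its two ends."""
    store = {}
    for a, b in links:
        k = os.urandom(32)
        store.setdefault(a, {})[b] = k
        store.setdefault(b, {})[a] = k
    return store

def group_keys(nodes):
    """Group keying: the key server hands the same key to every member."""
    gk = os.urandom(32)
    return {n: gk for n in nodes}

def accept_peer(store, sender, receiver, body, seq=1):
    """Receiver can verify only if it shares an adjacency key with sender."""
    k_send = store[sender].get(receiver)
    k_recv = store[receiver].get(sender)
    if k_send is None or k_recv is None:
        return False
    return verify(k_recv, sender, seq, body, tag(k_send, sender, seq, body))

def accept_group(store, signer, claimed, receiver, body, seq=1):
    """signer computes the digest while naming `claimed` as the sender."""
    return verify(store[receiver], claimed, seq, body,
                  tag(store[signer], claimed, seq, body))

# Constructed topology: R1 - R2 - R3 in a chain; R1 and R3 are not neighbours.
PEER = per_neighbor_keys([("R1", "R2"), ("R2", "R3")])
GROUP = group_keys(["R1", "R2", "R3"])

if __name__ == "__main__":
    notify = b"Notify: reservation error"  # constructed message body
    print("peer keys, R1->R2 hop-by-hop:", accept_peer(PEER, "R1", "R2", notify))
    print("peer keys, R3->R1 Notify:   ", accept_peer(PEER, "R3", "R1", notify))
    print("group key, R3->R1 Notify:   ", accept_group(GROUP, "R3", "R3", "R1", notify))
    print("group key, R2 signing as R3:", accept_group(GROUP, "R2", "R3", "R1", notify))
```

The last check passing shows that a shared group key authenticates group membership rather than the individual sender, which is why the subverted-node case needs separate treatment.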
