80 likes | 265 Views
More TWAMP – Mixed Security Mode Extension. Al Morton, Kaynam Hedayat June 30, 2008. Security Modes MUST Match. RFC4656 OWAMP requires TEST to match the CONTROL protocol. “All OWAMP-Test sessions that are spawned by an OWAMP-Control session inherit its mode.”
E N D
More TWAMP – Mixed Security Mode Extension Al Morton, Kaynam Hedayat June 30, 2008
Security Modes MUST Match • RFC4656 OWAMP requires TEST to match the CONTROL protocol. • “All OWAMP-Test sessions that are spawned by an OWAMP-Control session inherit its mode.” • Maybe clarify with a MUST in Errata…
Security Modes: Mandatory to Implement • Secure modes may see more widespread use on the Control Protocol IF • Test protocol can run Unauthenticated • ALL resources on accuracy and scale when limitations are reached
Mixed Mode Field Extension (new registry needed) Value Description Reference/Explanation 0 Reserved 1 Unauthenticated RFC4656, Section 3.1 2 Authenticated RFC4656, Section 3.1 4 Encrypted RFC4656, Section 3.1 8 Unauth. TEST protocol, new bit position (3) Encrypted CONTROL NOTE: only ONE new mode is needed!
Mode Field Extension ---------------------------------------------------- Protocol | Permissible Mode Combinations ---------------------------------------------------- Control | Unauth. | Auth. <=|=> Encrypted ---------------------------------------------------- | Unauth. | | Unauth. ------------------------------------------- Test | | Auth. | ------------------------------------------- | | | Encrypted ----------------------------------------------------
Mode Field Extension Compatibility (easy!) C S |---------->| TCP SYN |<----------| SYN-ACK |---------->| ACK |<----------| Server Greeting Current TWAMP sets bits 0-2 Mixed-Mode Extension, bit 3 |---------->| Set-Up-Response
Proposal for IPPM WG • This is very simple extension • Adds one new communication mode, using existing features • Creates a Mode Registry needed for any future features PROPOSAL – Move this forward as a stand-alone WG draft.