RE: IPsec and RSVP
hi
>
> "Hannes Tschofenig" <Hannes.Tschofenig@mchp.siemens.de> writes:
>
> > hi
> >
> > what speaks against applying ipsec hop-by-hop (whereby a hop is an rsvp-
> > capable router)?
>
> You lose the authentication of the end-point requesting the
> reservation.
rsvp does not provide this property. there is no end-to-end authentication
(if i understood you correctly).
> If you use ipsec in this way, then each router
> knows its peer, but you have no transitive authentication.
usually you would like to use the chain-of-trust principle, which means that
it is as good as the weakest link.
> The only protection you get is protection of on-the-wire
> request.
true. you protect along an unknown number of non-rsvp capable routers.
> You have no protection against a corrupt router
> along the path, or indeed no way to know what the actual
> original request was.
there is no protection against corrupt routers in rsvp.
who do you want to know where the original request came from? (the
end-point, the networks in between, or all nodes in between?)
in rsvp you have no separation of mutable and non-mutable fields, and since an
rsvp router may modify or add something to the message it is difficult (not
possible) to use end-to-end security.
do you think there is a strong need to provide end-to-end security in rsvp?
ciao
hannes
>
> > ciao
> > hannes
>
> -derek
>
> --
> Derek Atkins
> Computer and Internet Security Consultant
> derek@ihtfp.com www.ihtfp.com
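As an added illustration of the exchange above (not part of the original mail or of any RSVP implementation; the three-hop path, the keys, and the field names are constructed assumptions), a small Python model of what the receiver can conclude from hop-by-hop MACs alone versus an end-to-end MAC, and why the end-to-end MAC only works once mutable and non-mutable fields are separated:

```python
import hashlib
import hmac
import json

# Constructed example: a three-hop path sender -> R1 -> R2 -> receiver.
PATH = ["sender", "R1", "R2", "receiver"]

# Per-hop keys shared only between adjacent nodes (models one IPsec SA per hop).
HOP_KEYS = {
    ("sender", "R1"): b"constructed-key-sender-r1",
    ("R1", "R2"): b"constructed-key-r1-r2",
    ("R2", "receiver"): b"constructed-key-r2-receiver",
}
# Key shared only by sender and receiver (assumption: established out of band).
E2E_KEY = b"constructed-key-sender-receiver"

IMMUTABLE = ("session", "flowspec")   # what the sender actually requested
MUTABLE = ("hop_count", "last_hop")   # rewritten by every RSVP router on the path

# Constructed reservation request; field names are illustrative, not RSVP's.
HONEST_REQUEST = {"session": "10.0.0.2:5004", "flowspec": {"rate_kbps": 500},
                  "hop_count": 0, "last_hop": "sender"}


def mac(key, msg, fields):
    """HMAC-SHA256 over the named fields, canonically serialised."""
    payload = json.dumps({f: msg[f] for f in fields}, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def forward(request, corrupt_router=None, e2e_fields=None):
    """Carry `request` along PATH using hop-by-hop MACs.

    Each router verifies the MAC from its upstream neighbour, updates the
    mutable fields, and re-MACs for its downstream neighbour. If `e2e_fields`
    is given, the sender also attaches an end-to-end MAC over exactly those
    fields, which no router touches. `corrupt_router` names one hop that
    rewrites the flowspec (the "corrupt router along the path" case).
    Returns the message as the receiver sees it, or None if a hop check fails.
    """
    msg = dict(request)
    msg["flowspec"] = dict(request["flowspec"])
    if e2e_fields is not None:
        msg["e2e_mac"] = mac(E2E_KEY, msg, e2e_fields)
    msg["hop_mac"] = mac(HOP_KEYS[(PATH[0], PATH[1])], msg, IMMUTABLE + MUTABLE)

    for i in range(1, len(PATH)):
        upstream, node = PATH[i - 1], PATH[i]
        expected = mac(HOP_KEYS[(upstream, node)], msg, IMMUTABLE + MUTABLE)
        if not hmac.compare_digest(msg["hop_mac"], expected):
            return None                      # on-the-wire tampering is caught here
        if node == PATH[-1]:
            return msg                       # receiver: hop check passed
        # Legitimate RSVP processing changes the mutable fields at every hop.
        msg["hop_count"] += 1
        msg["last_hop"] = node
        if node == corrupt_router:
            # The router inflates the reservation before re-MACing it;
            # the next hop only sees a valid MAC from a peer it trusts.
            msg["flowspec"]["rate_kbps"] = 100_000
        msg["hop_mac"] = mac(HOP_KEYS[(node, PATH[i + 1])], msg, IMMUTABLE + MUTABLE)
    return msg


def receiver_check(delivered, e2e_fields=None):
    """What the receiver can conclude about a delivered request."""
    if delivered is None:
        return "rejected-at-hop"
    if e2e_fields is None:
        return "accepted"   # hop-by-hop only: knows R2 sent it, not what the sender asked for
    expected = mac(E2E_KEY, delivered, e2e_fields)
    ok = hmac.compare_digest(delivered["e2e_mac"], expected)
    return "accepted" if ok else "rejected-e2e"


def demo():
    """Run the four scenarios discussed in the thread and return the outcomes."""
    return {
        # Weakest link: a corrupt R1 rewrites the flowspec and nobody downstream notices.
        "hop_by_hop_corrupt_R1": receiver_check(forward(HONEST_REQUEST, "R1")),
        # End-to-end MAC over the non-mutable fields catches the rewrite.
        "e2e_immutable_corrupt_R1": receiver_check(
            forward(HONEST_REQUEST, "R1", IMMUTABLE), IMMUTABLE),
        # Without a mutable/non-mutable split, an end-to-end MAC over everything
        # fails even on an honest path, because routers legitimately change fields.
        "e2e_all_fields_honest": receiver_check(
            forward(HONEST_REQUEST, None, IMMUTABLE + MUTABLE), IMMUTABLE + MUTABLE),
        "e2e_immutable_honest": receiver_check(
            forward(HONEST_REQUEST, None, IMMUTABLE), IMMUTABLE),
    }


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario}: {outcome}")
```

The "accepted" result in the first scenario is the point of the thread: every hop check passes, yet the receiver holds a flowspec the sender never requested. The third scenario shows the obstacle the reply raises: an end-to-end MAC is only usable if the protocol defines which fields routers may change, so the MAC can be computed over the rest.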