
RE: IPsec and RSVP



hi

>
> "Hannes Tschofenig" <Hannes.Tschofenig@mchp.siemens.de> writes:
>
> > hi
> >
> > what speaks against applying ipsec hop-by-hop (whereby a hop is a rsvp
> > capable router)?
>
> You lose the authentication of the end-point requesting the
> reservation.

rsvp does not provide this property. there is no end-to-end authentication
(if i understood you correctly).

>  If you use ipsec in this way, then each router
> knows its peer, but you have no transitive authentication.

usually you would like to use the chain-of-trust principle, which means that
it is as good as the weakest link.


> The only protection you get is protection of on-the-wire
> request.

true. you protect along an unknown number of non-rsvp capable routers.

>  You have no protection against a corrupt router
> along the path, or indeed no way to know what the actual
> original request was.

there is no protection against corrupt routers in rsvp.
who do you want to know where the original request came from? (the
end-point, the networks in between, or all nodes in between?)

in rsvp you have no separation of mutable and non-mutable fields, and since
an rsvp router may modify or add something to the message it is difficult (not
possible) to use end-to-end security.

do you think there is a strong need to provide end-to-end security in rsvp?

ciao
hannes

>
> > ciao
> > hannes
>
> -derek
>
> --
>        Derek Atkins
>        Computer and Internet Security Consultant
>        derek@ihtfp.com             www.ihtfp.com
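An added illustration of the mutable-field point made above (example code, not from the thread or its authors): a toy reservation message with constructed field names and a constructed key. An end-to-end MAC over the whole message breaks as soon as a router rewrites its hop fields, while a MAC over only the fields the requester owns survives the path and still catches tampering with the reservation itself.

```python
import hashlib
import hmac

# Constructed end-to-end key shared by requester and receiver (assumption).
E2E_KEY = b"requester-to-receiver-key"

# Toy message layout, RSVP-like in spirit only: the requester owns the first
# three fields; routers along the path legitimately rewrite the last two.
IMMUTABLE = ("session", "sender", "tspec")


def serialize(msg, fields):
    """Canonical byte encoding of the selected fields (sorted for stability)."""
    return "&".join(f"{k}={msg[k]}" for k in sorted(fields) if k in msg).encode()


def sign_whole(msg):
    """Naive end-to-end MAC: no mutable/immutable separation, every field covered."""
    return hmac.new(E2E_KEY, serialize(msg, msg.keys()), hashlib.sha256).hexdigest()


def sign_immutable(msg):
    """End-to-end MAC over only the fields routers must not touch."""
    return hmac.new(E2E_KEY, serialize(msg, IMMUTABLE), hashlib.sha256).hexdigest()


def verify(msg, tag, signer):
    return hmac.compare_digest(signer(msg), tag)


def router_forward(msg, router_id):
    """Simulate an RSVP-capable router rewriting the hop fields it is entitled to."""
    fwd = dict(msg)
    fwd["prev_hop"] = router_id
    fwd["hop_count"] = msg["hop_count"] + 1
    return fwd


def demo():
    original = {"session": "10.0.0.9:5004/udp", "sender": "10.0.0.2",
                "tspec": "r=1Mbps,b=8KB", "prev_hop": "10.0.0.2", "hop_count": 0}
    tag_whole = sign_whole(original)
    tag_imm = sign_immutable(original)
    delivered = router_forward(router_forward(original, "r1"), "r2")
    tampered = {**delivered, "tspec": "r=100Mbps,b=8KB"}  # corrupt router edits tspec
    return {
        "whole": verify(delivered, tag_whole, sign_whole),            # False
        "immutable": verify(delivered, tag_imm, sign_immutable),      # True
        "immutable_tampered": verify(tampered, tag_imm, sign_immutable),  # False
    }
```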