[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [saag] Re:



At 03:59 PM 5/29/02 +0200, Hannes Tschofenig wrote:
>do you think that the hop-by-hop security in rsvp is a good or a bad thing?
>should there be more than what is currently provided?

There needs to be more than what is currently provided,
but, as always, there's a big keying/cert problem, particularly
in a multi-"domain" environment.  I don't think the threat
environment is particularly well-understood (I've seen your
NSIS draft but haven't gone through it in detail).  Clearly
IPSec is not the right answer for Path messages, however,
because while the addressing is end-to-end the payload 
contents do change as the packet transits participating
routers.

Melinda