[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ipsec to secure rsvp
S. Felix Wu writes:
> Therefore, (according to my old/dusty memory), Fred Baker's proposal
> to secure RSVP is based on a key table and key ID to allow the next
> hop trusted RSVP router to authenticate (HMAC fashion) the message
> without prior seesion-key exchange.
Right. There are two competing goals going on with
RSVP in this respect: router alert as a discovery
mechanism, and security desires which need to know
the how to key the next hop integrity object. I
don't really see how you reconcile that unless you
have group keys on your integrity objects which
makes me a little queasy.
Mike