[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipsec to secure rsvp

To: "S. Felix Wu" <wu@cs.ucdavis.edu>
Subject: Re: ipsec to secure rsvp
From: Michael Thomas <mat@cisco.com>
Date: Wed, 29 May 2002 13:46:46 -0700 (PDT)
Cc: Hannes Tschofenig <Hannes.Tschofenig@mchp.siemens.de>, kumar_amara@yahoo.com, dong_wei@tsinghua.com, IPsec <ipsec@lists.tislabs.com>, Security_Area_Advisory_Group <saag@mit.edu>
In-Reply-To: <3CF50554.4B48FA53@cs.ucdavis.edu>
References: <BIEMJDFDALACOIGHKCHCMEGPEHAA.Hannes.Tschofenig@mchp.siemens.de><3CF50554.4B48FA53@cs.ucdavis.edu>
Sender: owner-ipsec@lists.tislabs.com

S. Felix Wu writes:
 > Therefore, (according to my old/dusty memory), Fred Baker's proposal
 > to secure RSVP is based on a key table and key ID to allow the next
 > hop trusted RSVP router to authenticate (HMAC fashion) the message
 > without prior seesion-key exchange.

   Right. There are two competing goals going on with
   RSVP in this respect: router alert as a discovery
   mechanism, and security desires which need to know
   the how to key the next hop integrity object. I
   don't really see how you reconcile that unless you
   have group keys on your integrity objects which 
   makes me a little queasy.

	    Mike

Follow-Ups:
- RE: ipsec to secure rsvp
  - From: "Hannes Tschofenig" <Hannes.Tschofenig@mchp.siemens.de>

References:
- ipsec to secure rsvp
  - From: "Hannes Tschofenig" <Hannes.Tschofenig@mchp.siemens.de>
- Re: ipsec to secure rsvp
  - From: "S. Felix Wu" <wu@cs.ucdavis.edu>

Prev by Date: Re:
Next by Date: Re: [saag] Re:
Prev by thread: Re: ipsec to secure rsvp
Next by thread: RE: ipsec to secure rsvp
Index(es):
- Date
- Thread