[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [saag] Re:

To: "IETF_DavidChen" <ietf_davidchen@hotmail.com>, "Hallam-Baker, Phillip" <pbaker@verisign.com>, "'Prof. Ahmed Bin Abbas Ahmed Ali Adas'" <alaadas@kaau.edu.sa>, "Davenport Michael" <davenport_michael@bah.com>
Subject: RE: [saag] Re:
From: "Hannes Tschofenig" <Hannes.Tschofenig@mchp.siemens.de>
Date: Thu, 6 Jun 2002 17:07:08 +0200
Cc: <ipsec@lists.tislabs.com>
Importance: Normal
In-Reply-To: <OE29y1WZhKmcEntH4Nn00009316@hotmail.com>
Sender: owner-ipsec@lists.tislabs.com

hi david

> Phil,
>
> Agreed most of your observations.
>
> In addition to that, I would like to point out that
> RSVP is bandwidth reservation protocol for guarantee IP packet delivery in
> timely fashion.

actually it is a signaling protocol. it does not really reserve bandwidth or
any other qos things. this is the purpose of the underlying qos mechanisms.

> It can be used for 1-to-1 or 1-to-many and initiated by the
> receiver to set
> up a simplex flow.

good point. so far we haven't mentioned the rsvp multicast implications for
security.

> Each hop along the RSVP reserved path has to commit the bandwidth.
> For IP security point of view, each hop along the reserved/requested path
> have to trust each other
> for the bandwidth committed is vital to the router's behavior.

i would like to add that not all nodes have to trust each other directly.
instead the chain-of-trust principle uses the transitive trust relationship
between the individual nodes along the path to establish the end-to-end
trust rel..

>
> The (D)DOS attack to any RSVPable router can not be protected by IPSec v1.

to which dos attack are you exactly referring?

> For other sec protection,  IPSec's secured data channel has to be
> established first
> before RSVP signaling message.

yes.

> It has to be done hop by hop - not just between flow sender and receiver.

true, it cannot be done end-to-end because of various reasons including:
- rsvp message modification along the path
- route pinning
etc.

>
> As for protecting flow itself (after RSVP has set up the flow), IPSec can
> set up only between sender and receiver...
> However, I don't think this is what this thread is interested.

yes - the protection of data traffic after the rsvp signaling took place
using ipsec is a different issue.

>
> Scalability could be an issue to setup IPSec channel for all hops
> along the
> requested/flow path.

the question of scalability depends how many rsvp aware nodes along the path
you have.
futhermore ipsec (in a hop-by-hop manner) may also be used for a specific
part in the network (for example between two network providers) whereas
other parts use the rsvp built-in integrity object.

> If "no IPSec -> no RSVP" is not an issue, it seems ok. :-)
i am not quite sure what you mean with this statement.

ciao
hannes

Follow-Ups:
- Re: [saag] Re:
  - From: "IETF_DavidChen" <ietf_davidchen@hotmail.com>

References:
- Re: [saag] Re:
  - From: "IETF_DavidChen" <ietf_davidchen@hotmail.com>

Prev by Date: Re: [saag] Re:
Next by Date: Re: [saag] Re:
Prev by thread: Re: [saag] Re:
Next by thread: Re: [saag] Re:
Index(es):
- Date
- Thread