RSVP%20Security%20Properties%20(draft-ietf-nsis-rsvp-sec-properties-02.txt)

1
RSVP Security Properties(draft-ietf-nsis-rsvp-sec
-properties-02.txt)

• Author
• Hannes Tschofenig

2
Update

• Based on comments i removed IPsec handling from
  Section 4 (Detailed Security Properties
  Discussion)
• Reason
• IPsec handling is not the suggested RSVP
  security mechanism (only some RFCs briefly
  mention the usage of IPsec)
• Section 5 (Miscellaneous Issues) still covers
  IPsec handling

3
Update

• Appendix A on Dictionary Attacks and Kerberos
  shortened
• Additionally some typos and grammar problems have
  been fixed.
• RSVP security literature briefly mentioned in
  Appendix C.
• Draft is therefore shorter BUT ...

4
What is still missing?

• Multicast issues not covered in detail
• It seems that there is a lack of interest in
  multicast handling in general!
• Should it be skipped?
• I started to add some references/short
  description to other RSVP related security
  activities
• Is this helpful?
• Biggest Issue Authorization / User Identity
  Representation

5
Authorization / User Identity Representation

• Currently the drafts does not describe too much
  about authorization.
• Reason 1 The topic is fairly large.
• draft-tschofenig-nsis-qos-authz-issues-00.txt
• draft-tschofenig-nsis-aaa-issues-01.txt
• Analysis of Mobile IP and RSVP Interactions (M.
  Thomas)
• Accounting and Access Control for Multicast
  Distributions Models and Mechanisms
• etc.

6
Authorization / User Identity Representation

• Reason 2 An analysis is difficult.
• RSVP related RFCs do not go into the details.
• What is the expected behavior?
• Comparison only useful if this behavior can be
  compared against the currently available
  mechanisms.
• Big difference in the expected behavior.
  Something should be covered in the draft but
  what?

7
Next Steps

• Incorporate comments.