datatracker.ietf.org
Sign in
Version 5.3.0, 2014-04-12
Report a bug

RSVP Security Properties
RFC 4230

Document type: RFC - Informational (December 2005; Errata)
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 4230 (Informational)
Responsible AD: Allison Mankin
Send notices to: john.loughney@nokia.com

Network Working Group                                      H. Tschofenig
Request for Comments: 4230                                       Siemens
Category: Informational                                      R. Graveman
                                                            RFG Security
                                                           December 2005

                        RSVP Security Properties

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document summarizes the security properties of RSVP.  The goal
   of this analysis is to benefit from previous work done on RSVP and to
   capture knowledge about past activities.

Tschofenig & Graveman        Informational                      [Page 1]
RFC 4230                RSVP Security Properties           December 2005

Table of Contents

   1.   Introduction . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.   Terminology and Architectural Assumptions  . . . . . . . . .   3
   3.   Overview . . . . . . . . . . . . . . . . . . . . . . . . . .   5
        3.1.  The RSVP INTEGRITY Object  . . . . . . . . . . . . . .   5
        3.2.  Security Associations  . . . . . . . . . . . . . . . .   8
        3.3.  RSVP Key Management Assumptions  . . . . . . . . . . .   8
        3.4.  Identity Representation  . . . . . . . . . . . . . . .   9
        3.5.  RSVP Integrity Handshake   . . . . . . . . . . . . . .  13
   4.   Detailed Security Property Discussion  . . . . . . . . . . .  15
        4.1.  Network Topology   . . . . . . . . . . . . . . . . . .  15
        4.2.  Host/Router  . . . . . . . . . . . . . . . . . . . . .  15
        4.3.  User to PEP/PDP  . . . . . . . . . . . . . . . . . . .  19
        4.4.  Communication between RSVP-Aware Routers . . . . . . .  28
   5.   Miscellaneous Issues . . . . . . . . . . . . . . . . . . . .  29
        5.1.  First-Hop Issue  . . . . . . . . . . . . . . . . . . .  30
        5.2.  Next-Hop Problem . . . . . . . . . . . . . . . . . . .  30
        5.3.  Last-Hop Issue   . . . . . . . . . . . . . . . . . . .  33
        5.4.  RSVP- and IPsec-protected data traffic . . . . . . . .  34
        5.5.  End-to-End Security Issues and RSVP  . . . . . . . . .  36
        5.6.  IPsec protection of RSVP signaling messages  . . . . .  36
        5.7.  Authorization  . . . . . . . . . . . . . . . . . . . .  37
   6.   Conclusions  . . . . . . . . . . . . . . . . . . . . . . . .  38
   7.   Security Considerations  . . . . . . . . . . . . . . . . . .  40
   8.   Acknowledgements . . . . . . . . . . . . . . . . . . . . . .  40
   9.   References . . . . . . . . . . . . . . . . . . . . . . . . .  40
        9.1.  Normative References . . . . . . . . . . . . . . . . .  40
        9.2.  Informative References . . . . . . . . . . . . . . . .  41
   A.   Dictionary Attacks and Kerberos  . . . . . . . . . . . . . .  45
   B.   Example of User-to-PDP Authentication  . . . . . . . . . . .  45
   C.   Literature on RSVP Security  . . . . . . . . . . . . . . . .  46

Tschofenig & Graveman        Informational                      [Page 2]
RFC 4230                RSVP Security Properties           December 2005

1.  Introduction

   As the work of the NSIS working group began, concerns about security
   and its implications for the design of a signaling protocol were
   raised.  In order to understand the security properties and available
   options of RSVP, a number of documents have to be read.  This
   document summarizes the security properties of RSVP and is part of
   the overall process of analyzing other signaling protocols and
   learning from their design considerations.  This document should also
   provide a starting point for further discussions.

   The content of this document is organized as follows.  Section 2
   introduces the terminology used throughout the document.  Section 3
   provides an overview of the security mechanisms provided by RSVP
   including the INTEGRITY object, a description of the identity
   representation within the POLICY_DATA object (i.e., user
   authentication), and the RSVP Integrity Handshake mechanism.  Section
   4 provides a more detailed discussion of the mechanisms used and
   tries to describe in detail the mechanisms provided.  Several
   miscellaneous issues are covered in Section 5.

   RSVP also supports multicast, but this document does not address
   security aspects for supporting multicast QoS signaling.  Multicast
   is currently outside the scope of the NSIS working group.

   Although a variation of RSVP, namely RSVP-TE, is used in the context

[include full document text]