MPLS draft-schrijvp-mpls-ldp-end-to-end-auth-03.txt
NAME OF I-D
http://www.ietf.org/internet-drafts/draft-schrijvp-mpls-ldp-end-to-end-auth-03.txt
SUMMARY
The Label Distribution Protocol (LDP), as currently defined, makes
use of the TCP MD5 Signature option to protect (authentication and
integrity) the LDP traffic between two adjacent LSRs. This document
specifies extensions to LDP to enable end-to-end authentication
between non-adjacent LSRs (i.e., not directly connected via a TCP
connection) that are setting up an LSP. Two mechanisms are defined
that also provide integrity protection of the information carried
within LDP messages and protect against the malicious replay of LDP
messages. Both proposed mechanisms require ordered control LDP and
can also be applied to CR-LDP.
RELATED DOCUMENTS
none
WHERE DOES IT FIT IN THE PICTURE OF THE SUB-IP WORK
mpls box.
WHY IS IT TARGETED AT THIS WG
This document describes mechanisms that can be used to provide
authentication of LSP originators within LDP, as described in the MPLS
WG charter.
JUSTIFICATION
This document is justified by the fact that it covers goal 3 of the MPLS
WG charter, which requests the specification of appropriate extensions
to LDP and RSVP for authentication of LSP originators. The present
document actually proposes such mechanisms for LDP.
--
Olivier Paridaens
Alcatel Corporate Network Strategy Group
Security Technologies
NSG Web site: http://www.rc.bel.alcatel.be/nsg/index.htm
Security group Web site:
http://www.rc.bel.alcatel.be/~paridaeo/Security-TF.html