
subIP draft-tsenevir-mpls-lauth-00.txt




NAME of I-D:

http://search.ietf.org/internet-drafts/draft-tsenevir-mpls-lauth-00.txt

SUMMARY:

This I-D discusses methods to protect the MPLS label stack from security-related
attacks such as label spoofing. Two HMAC-based label stack authentication
methods are provided. Applicable deployment scenarios are presented where
appropriate. Methods presented in this document are intended for label stack
authentication.


RELATED DOCUMENTS:

http://search.ietf.org/internet-drafts/draft-tsenevir-smpls-doi-00.txt
http://search.ietf.org/internet-drafts/draft-tsenevir-smpls-01.txt
http://search.ietf.org/internet-drafts/draft-schrijvp-mpls-ldp-end-to-end-auth-03.txt

WHERE DOES IT FIT IN THE PICTURE OF THE SUB-IP WORK

MPLS/CCAMP/PPVPN

WHY IS IT TARGETED AT THIS WG (AREA)

This document describes mechanisms to secure the MPLS data plane against
denial of service, label spoofing, connection hijacking, etc. The choice
of working group within the Sub-IP Area depends on the interpretation of
Secure MPLS. If Secure MPLS is considered part of the core MPLS protocol,
it may be considered at the MPLS WG. On the other hand, if this is considered
control of MPLS, it may be considered at the CCAMP WG. Label stack validation
may be important in the CPE-to-PE connection. In that respect, label stack
authentication is within the work of PPVPN.

JUSTIFICATION

The broader definition of the CCAMP working group includes specifying control of
technologies such as MPLS. Providing security at each level of technology is
in essence a control process of that protocol. As an example, IPsec is
considered the security control plane of IP. Increasingly, MPLS is used as a
wide area protocol to carry various kinds of IP and sub-IP payloads. In some
scenarios, use of IPsec to secure the data plane may be either not possible
or overkill. Existence of a well-defined security plane is a prime
requirement in any protocol. MPLS lacks any serious work in the security
plane. Hence we propose to consider Secure MPLS as a work item in either the
CCAMP or MPLS WG. The Secure MPLS work item attempts to specify the security
requirements of MPLS and provide solutions to address each of the
requirements.


Milestones

June 2001: Submit first version of MPLS security requirement

December 2001: Submit solutions for Security plane of MPLS
               Submit DOI for Secure MPLS
               Begin Discussion of MPLS security requirements

March 2002: Begin Discussion of Security Plane solutions
            Begin discussion of Secure MPLS DOI
            Update MPLS security requirements based on discussion

June 2002: Update Security Plane Solution based on the discussion
           Submit Secure MPLS DOI to IESG as possible RFC
           Submit MPLS security requirement document to IESG as possible informational RFC

December 2002: Submission of Security Plane solution to IESG as possible RFC