subIP tissa@force10networks.com




NAME of I-D:

http://search.ietf.org/internet-drafts/draft-tsenevir-smpls-01.txt

(New contact information is: tissa@force10networks.com)

SUMMARY:

This I-D specifies a mechanism for securing the MPLS data plane, i.e. securing
any data carried over MPLS. This work is split into two aspects: use of IKE
to establish the required security association for secure MPLS and
definition of the encapsulation formats required for the encryption and
authentication of MPLS payloads. Extensions, under the form of a new Domain
of Interpretation, are defined for the use of IKE to set up Security
Associations for secure MPLS. Also, two methods are presented to transport
IKE messages between edge LSRs: IKE over RSVP and IKE over a separate IP
channel. A new RSVP object is defined to exchange security association
messages as part of the LSP setup messages. It is thought that the use of a
separate IP channel facilitates scaling, especially in the environment where
multiple LSPs terminate between the same two edge LSRs.


RELATED DOCUMENTS:

http://search.ietf.org/internet-drafts/draft-tsenevir-smpls-doi-00.txt
http://search.ietf.org/internet-drafts/draft-tsenevir-mpls-lauth-00.txt
http://search.ietf.org/internet-drafts/draft-schrijvp-mpls-ldp-end-to-end-auth-03.txt

WHERE DOES IT FIT IN THE PICTURE OF THE SUB-IP WORK

MPLS/CCAMP

WHY IS IT TARGETED AT THIS WG (AREA)

This document describes mechanisms to secure the MPLS data plane. The choice
of the working groups within the Sub-IP Area depends on the interpretation of
Secure MPLS. If Secure MPLS is considered as part of the Core MPLS protocol
it may be considered at MPLS WG. On the other hand if this is considered as
Control of MPLS it may be considered at CCAMP WG.

JUSTIFICATION

The broader definition of the CCAMP working group includes specifying control of
technologies such as MPLS. Providing security at each level of technology is
in essence a control process of that protocol. As an example, IPsec is
considered the security control plane of IP. Increasingly, MPLS is used as a wide
area protocol to carry various kinds of IP and sub-IP payloads. In some
scenarios, use of IPsec to secure the data plane may be either not possible
or overkill. The existence of a well-defined security plane is a prime
requirement in any protocol. MPLS lacks any serious work in the security
plane. Hence we propose to consider Secure MPLS as a Working item either in
CCAMP or MPLS WG. The Secure MPLS work item attempts to specify the security
requirements of MPLS and provide solutions to address each of the
requirements.


Milestones

June 2001: Submit first version of MPLS security requirement

December 2001: Submit solutions for Security plane of MPLS
               Submit DOI for Secure MPLS
               Begin Discussion of MPLS security requirements

March 2002: Begin Discussion of Security Plane solutions
            Begin discussion of Secure MPLS DOI
            Update MPLS security requirements based on discussion

June 2002: Update Security Plane Solution based on the discussion
           Submit Secure MPLS DOI to IESG as possible RFC
           Submit MPLS security requirement document to IESG as
           possible informational RFC

December 2002: Submission of Security Plane solution to IESG as possible RFC