subIP draft-tsenevir-mpls-lauth-00.txt
NAME of I-D:
http://search.ietf.org/internet-drafts/draft-tsenevir-mpls-lauth-00.txt
SUMMARY:
This I-D discusses methods to protect the MPLS label stack from security-related
attacks such as label spoofing. Two HMAC-based label stack authentication
methods are provided. Applicable deployment scenarios are presented where
appropriate. Methods presented in this document are intended for label stack
authentication.
RELATED DOCUMENTS:
http://search.ietf.org/internet-drafts/draft-tsenevir-smpls-doi-00.txt
http://search.ietf.org/internet-drafts/draft-tsenevir-smpls-01.txt
http://search.ietf.org/internet-drafts/draft-schrijvp-mpls-ldp-end-to-end-auth-03.txt
WHERE DOES IT FIT IN THE PICTURE OF THE SUB-IP WORK
MPLS/CCAMP/PPVPN
WHY IS IT TARGETED AT THIS WG (AREA)
This document describes mechanisms to secure the MPLS data plane against
denial of service, label spoofing, connection hijacking, etc. The choice
of the working group within the Sub-IP Area depends on the interpretation of
Secure MPLS. If Secure MPLS is considered part of the core MPLS protocol,
it may be considered at the MPLS WG. On the other hand, if it is considered
control of MPLS, it may be considered at the CCAMP WG. Label stack validation
may be important in the CPE-to-PE connection. In that respect, label stack
authentication is within the work of PPVPN.
JUSTIFICATION
The broader definition of the CCAMP working group includes specifying control of
technologies such as MPLS. Providing security at each level of technology is
in essence a control process of that protocol. As an example, IPsec is
considered the security control plane of IP. Increasingly, MPLS is used as a
wide-area protocol to carry various kinds of IP and sub-IP payloads. In some
scenarios, use of IPsec to secure the data plane may be either not possible
or overkill. The existence of a well-defined security plane is a prime
requirement in any protocol. MPLS lacks any serious work in the security
plane. Hence we propose to consider Secure MPLS as a working item in either the
CCAMP or MPLS WG. The Secure MPLS work item attempts to specify the security
requirements of MPLS and provide solutions to address each of the
requirements.
Milestones
June 2001:     Submit first version of MPLS security requirement
December 2001: Submit solutions for Security plane of MPLS
               Submit DOI for Secure MPLS
               Begin Discussion of MPLS security requirements
March 2002:    Begin Discussion of Security Plane solutions
               Begin discussion of Secure MPLS DOI
               Update MPLS security requirements based on discussion
June 2002:     Update Security Plane Solution based on the discussion
               Submit Secure MPLS DOI to IESG as possible RFC
               Submit MPLS security requirement document to IESG as
               possible informational RFC
December 2002: Submission of Security Plane solution to IESG as possible RFC