
RE: Question to Kerberos/Multicast/RSVP



# hi rodney!

Hey, Hannes,

I assume you mean Section 7 of RFC 2747 as RFC 2474 is "Definition of the
Differentiated Services Field (DS Field) in the IPv4 and IPv6 Header," which
does not contain the text you are quoting.  FYI, your question would also
apply to <draft-ietf-rap-auth-policy-data-00.txt>.
# yes - a typo.

Yes, all receivers and the KDC must be preconfigured, either dynamically or
statically, with the principal name before the reservation takes place.  I
suspect how this is accomplished is outside the scope of these documents;
hence the short descriptions.  If you feel you have a better approach, you
are welcome to share its merits with the group.

# maybe you are right with the statement that this should be outside the scope
# of the document. but in the case of roaming users a kerberos based
# authentication is more difficult to accomplish if the principal name and the
# realm name of the first hop router (or pdp) are unknown
# and no specific procedure is specified to obtain this information.
# there may be some mechanisms to learn the identity of the first hop router
# (or pdp) to which the user should authenticate but it seems to be difficult
# for a mobile node to quickly figure this out. hence it seems that the
# approach of using kerberos is well suited for stationary environments where
# everything is pre-defined (see windows 2000) but in the mobile case some
# issues are still open.

# ciao
# hannes

Rodney Hess
rodney.hess@intel.com