Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Achieving Local Availability of Group SA Ya Liu, Bill Atwood, Brian Weis,

Published bySusan Sherman Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Achieving Local Availability of Group SA Ya Liu, Bill Atwood, Brian Weis,"— Presentation transcript:

1 1 Achieving Local Availability of Group SA Ya Liu, liuya@huawei.comliuya@huawei.com Bill Atwood, bill@cse.concordia.cabill@cse.concordia.ca Brian Weis, bew@cisco.com IETF 70, Dec 2007, Vancouver

2 2 Background Group security model is used in OSPFv3 IPsec and PIM-SM link-local security. –Please refer to RFC4552 and draft-ietf-pim-sm- linklocal for more details. Currently, only the manual keying method is proposed. –Manual method is neither scalable nor secure. It has been proposed to achieve automated group keying for OSPF and PIM using MSEC GKM protocols. –Please refer to draft-liu-ospfv3-automated-keying-req and draft-ietf-pim-sm-linklocal for more details. IETF 70, Dec 2007, Vancouver

3 3 A Chicken & Egg Issue MSEC GKM protocols fail in the OSPF case because they are based on a client/server model. This means these protocols rely on reachability between clients and servers for the clients to obtain the group SA from the key server. In the OSPF case, the GKM is providing protection for OSPF, which is an essential component in providing reachability between the clients and servers. Hence, the client/server model breaks down in this situation. PIM has no such issue. –Thus, the solution for OSPF also applies to PIM. IETF 70, Dec 2007, Vancouver

4 4 Possible Solutions Locally deploying GCKS –No extensions are needed. Separating GC/KS, and locally deploying KS while centrally deploying GC –For cost consideration, the KS can be logical. For example, a protocol (e.g., OSPF, PIM) speaking router works as the KS of its listeners. –An extension to specify the protocol between a centralized GC and the individual KS is needed. Locally deploying delegates, centrally deploying GCKS –An extension to relay group keying service between the centralized GCKS and local group members is needed. IETF 70, Dec 2007, Vancouver

5 5 Suggestion Choose one solution and standardize it. –If extensions to MSEC GKM protocols are necessary, such work SHOULD be done in MSEC. –Both OSPF WG and PIM WG need to write their own I-Ds to profile use of MSEC GKM protocols. –Optionally, MSEC WG may produce an guideline doc to introduce the use of MSEC GKM protocols in other control plane protocols, such as OSPF, PIM, RSVP, etc. IETF 70, Dec 2007, Vancouver

6 6 Comments? Thanks! IETF 70, Dec 2007, Vancouver

Download ppt "1 Achieving Local Availability of Group SA Ya Liu, Bill Atwood, Brian Weis,"

Similar presentations

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P1619.3 April 11, 2007 Andrea Doherty.

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
Router Identification Problem Statement J.W. Atwood 2008/03/11

Router Identification Problem Statement J.W. Atwood 2008/03/11
Design Guidelines for IPv6 Networks draft-matthews-v6ops-design-guidelines-01 Philip Matthews Alcatel-Lucent.

Design Guidelines for IPv6 Networks draft-matthews-v6ops-design-guidelines-01 Philip Matthews Alcatel-Lucent.
OSPF Two-part Metrics Jeffrey Zhang Lili Wang Juniper Networks 88 th IETF, Vancouver.

OSPF Two-part Metrics Jeffrey Zhang Lili Wang Juniper Networks 88 th IETF, Vancouver.
Multicast Reconfiguration Protocol for Stateless DHCPv6 DHC 61 st IETF S. Daniel Park

Multicast Reconfiguration Protocol for Stateless DHCPv6 DHC 61 st IETF S. Daniel Park
11/07/2003IETF-58 MSEC and AAA page 1 George Gross, IdentAware ™ Security IETF-58, Minneapolis, MN November 10 th 2003 Multicast.

11/07/2003IETF-58 MSEC and AAA page 1 George Gross, IdentAware ™ Security IETF-58, Minneapolis, MN November 10 th 2003 Multicast.
RSVP Cryptographic Authentication ...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism.

RSVP Cryptographic Authentication "...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism.
OSPF WG – IETF 68 - Prague OSPF WG Document Candidates Acee Lindem/Redback Networks.

OSPF WG – IETF 68 - Prague OSPF WG Document Candidates Acee Lindem/Redback Networks.
OSPF Two-part Metrics Jeffrey Zhang Juniper Networks 90 th IETF, Toronto.

OSPF Two-part Metrics Jeffrey Zhang Juniper Networks 90 th IETF, Toronto.
Update to: The OSPF Opaque LSA Option draft-berger-ospf-rfc2370bis Lou Berger Igor Bryskin Alex Zinin

Update to: The OSPF Opaque LSA Option draft-berger-ospf-rfc2370bis Lou Berger Igor Bryskin Alex Zinin
1 Behcet Sarikaya Frank Xia July 2010 Flexible DHCPv6 Prefix Delegation in Mobile Networks IETF 78

1 Behcet Sarikaya Frank Xia July 2010 Flexible DHCPv6 Prefix Delegation in Mobile Networks IETF 78
Draft-li-rtgwg-cc-igp-arch-00IETF 88 RTGWG1 An Architecture of Central Controlled Interior Gateway Protocol (IGP) draft-li-rtgwg-cc-igp-arch-00 Zhenbin.

Draft-li-rtgwg-cc-igp-arch-00IETF 88 RTGWG1 An Architecture of Central Controlled Interior Gateway Protocol (IGP) draft-li-rtgwg-cc-igp-arch-00 Zhenbin.
Automatic Router Configuration Protocol (ARCP) v1.1, 18 Nov. 2002 Jeb Linton, EarthLink

Automatic Router Configuration Protocol (ARCP) v1.1, 18 Nov Jeb Linton, EarthLink
Host Identity Protocol

Host Identity Protocol
November 200461st IETF MIP6 WG Mobile IPv6 Bootstrapping Architecture using DHCP draft-ohba-mip6-boot-arch-dhcp-00 Yoshihiro Ohba, Rafael Marin Lopez,

November st IETF MIP6 WG Mobile IPv6 Bootstrapping Architecture using DHCP draft-ohba-mip6-boot-arch-dhcp-00 Yoshihiro Ohba, Rafael Marin Lopez,
Draft-tarapore-mbone- multicast-cdni-05 Percy S. Tarapore, AT&T Robert Sayko, AT&T Greg Shepherd, Cisco Toerless Eckert, Cisco Ram Krishnan, Brocade.

Draft-tarapore-mbone- multicast-cdni-05 Percy S. Tarapore, AT&T Robert Sayko, AT&T Greg Shepherd, Cisco Toerless Eckert, Cisco Ram Krishnan, Brocade.
7/14/2003IETF57 PANA enabling IPsec based Access control draft-mohanp-pana-ipsec-00.txt Mohan Parthasarathy Tahoe Networks - Presented by Hannes Tschofenig.

7/14/2003IETF57 PANA enabling IPsec based Access control draft-mohanp-pana-ipsec-00.txt Mohan Parthasarathy Tahoe Networks - Presented by Hannes Tschofenig.
DHCPv6 Route Option (draft-dec-dhcpv6-route-option-03.txt) IETF 77, March 2010 : Wojciech Dec Richard Johnson

DHCPv6 Route Option (draft-dec-dhcpv6-route-option-03.txt) IETF 77, March 2010 : Wojciech Dec Richard Johnson
Module 3: Designing IP Addressing. Module Overview Designing an IPv4 Addressing Scheme Designing DHCP Implementation Designing DHCP Configuration Options.

Module 3: Designing IP Addressing. Module Overview Designing an IPv4 Addressing Scheme Designing DHCP Implementation Designing DHCP Configuration Options.
Multicast Distribution Tree Extensions for IS-IS draft-yong-isis-ext-4-distribution-tree-02 Lucy Yong Donald Eastlake Andrew Qu July 20141.

Multicast Distribution Tree Extensions for IS-IS draft-yong-isis-ext-4-distribution-tree-02 Lucy Yong Donald Eastlake Andrew Qu July

Similar presentations

Ads by Google