
RSVP Cryptographic Authentication (RFC2747) Disclosure Number: IPCOM000003344D
Original Publication Date: 2000-Jan-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 17 page(s) / 46K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

F. Baker: AUTHOR [+3]


This document describes the format and use of RSVP's INTEGRITY object to provide hop-by-hop integrity and authentication of RSVP messages.

This text was extracted from an ASCII text document.
This is the abbreviated version, containing approximately 6% of the total text.

Network Working Group                                           F. Baker
Request for Comments: 2747                                         Cisco
Category: Standards Track                                     B. Lindell
                                                               M. Talwar
                                                            January 2000

RSVP Cryptographic Authentication

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.


This document describes the format and use of RSVP's INTEGRITY object to provide hop-by-hop integrity and authentication of RSVP messages.

1. Introduction

The Resource ReSerVation Protocol RSVP [1] is a protocol for setting up distributed state in routers and hosts, and in particular for reserving resources to implement integrated service. RSVP allows particular users to obtain preferential access to network resources, under the control of an admission control mechanism. Permission to make a reservation will depend both upon the availability of the requested resources along the path of the data, and upon satisfaction of policy rules.

To ensure the integrity of this admission control mechanism, RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism to protect RSVP message integrity hop-by-hop. The proposed scheme transmits an authenticating digest of the message, computed using a secret Authentication Key and a keyed-hash algorithm. This scheme provides protection against forgery or message modification. The INTEGRITY object of each RSVP message is tagged with a one-time-use sequence number. This allows the message receiver to identify playbacks and hence to thwart replay attacks. The proposed mechanism does not afford confidentiality, since messages stay in the clear; however, the mechanism is also exportable from most countries, which would be impossible were a privacy algorithm to be used. Note: this document uses the terms "sender" and "receiver" differently from [1]. They are used here to refer to systems that face each other across an RSVP hop, the "sender" being the system generating RSVP messages.

The message replay prevention algorithm is quite simple. The sender generates packets with monotonically increasing sequence numbers. In turn, the receiver only accepts packets that have a larger sequence number than th...
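The two checks described above, a keyed digest over the message and a strictly increasing one-time-use sequence number, as an added illustration that is not code from RFC 2747 or any RSVP implementation. The message layout (8-byte sequence number, body, 32-byte HMAC-SHA256 tag) is a constructed simplification, not the INTEGRITY object's actual wire format, and HMAC-SHA256 stands in for whichever keyed-hash algorithm the peers have agreed on.

```python
import hashlib
import hmac
import struct

# Constructed layout for this example (not RFC 2747's INTEGRITY object):
#   8-byte big-endian sequence number || message body || 32-byte HMAC-SHA256 tag
# The tag covers the sequence number and the body with the shared Authentication Key.
SEQ_LEN = 8
DIGEST_LEN = 32


def sign_message(key: bytes, seq: int, body: bytes) -> bytes:
    """Sender side: attach a one-time-use sequence number and a keyed digest."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + body, hashlib.sha256).digest()
    return header + body + tag


class IntegrityReceiver:
    """Receiver side: verify the keyed digest first, then enforce
    monotonically increasing sequence numbers to reject playbacks."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = None  # highest sequence number accepted so far

    def accept(self, msg: bytes):
        """Return (body, "ok") for an accepted message, or (None, reason)."""
        if len(msg) < SEQ_LEN + DIGEST_LEN:
            return None, "truncated"
        header, body, tag = msg[:SEQ_LEN], msg[SEQ_LEN:-DIGEST_LEN], msg[-DIGEST_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        # Constant-time compare; a forged or modified message is dropped before
        # its sequence number is allowed to influence receiver state.
        if not hmac.compare_digest(expected, tag):
            return None, "bad digest"
        seq = struct.unpack(">Q", header)[0]
        # Replay check: only a sequence number larger than the last accepted one passes.
        if self.last_seq is not None and seq <= self.last_seq:
            return None, "replay"
        self.last_seq = seq
        return body, "ok"
```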