

RSVP Cryptographic Authentication






Network Working Group                                           F. Baker
Request for Comments: 2747                                         Cisco
Category: Standards Track                                     B. Lindell
                                                                 USC/ISI
                                                               M. Talwar
                                                               Microsoft
                                                            January 2000


                   RSVP Cryptographic Authentication


Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   This document describes the format and use of RSVP's INTEGRITY object
   to provide hop-by-hop integrity and authentication of RSVP messages.

1.  Introduction

   The Resource ReSerVation Protocol RSVP [1] is a protocol for setting
   up distributed state in routers and hosts, and in particular for
   reserving resources to implement integrated service.  RSVP allows
   particular users to obtain preferential access to network resources,
   under the control of an admission control mechanism.  Permission to
   make a reservation will depend both upon the availability of the
   requested resources along the path of the data, and upon satisfaction
   of policy rules.

   To ensure the integrity of this admission control mechanism, RSVP
   requires the ability to protect its messages against corruption and
   spoofing.  This document defines a mechanism to protect RSVP message
   integrity hop-by-hop.  The proposed scheme transmits an
   authenticating digest of the message, computed using a secret
   Authentication Key and a keyed-hash algorithm.  This scheme provides
   protection against forgery or message modification.  The INTEGRITY
   object of each RSVP message is tagged with a one-time-use sequence



Baker, et al.               Standards Track