[Rsvp] RE: doubt

Tschofenig Hannes Hannes.Tschofenig@mchp.siemens.de
Thu, 23 Jan 2003 12:50:56 +0100 

hi bob!

sometimes it would be good if a error message (such as a path error) is only
send to an intermediate host. you might remember the security discussion
where a path message hits a node (the path msg contains an integrity object)
but unfortunately the path changed and the cryptographic verification fails.
hence the path message is returned to the data sender which is of no help. 

example:

      /-------> b
a ----  
      \-------> c

router a forwards a path message and includes an integrity object. he
assumes that the message is send to router b. unfortunately it is send to
router c (because of a route change). imagine there is an entire network
between a and b/c. 

hence cryptopgraphic verification fails at router c. he transmits a path
error message back to the data source. this verification failure is only a
problem between the participating routers. Ideally, router a would recognize
this path change and would add a new integrity object with the security
association shared with router c. 

ciao
hannes


> -----Original Message-----
> From: owner-rsvp@ISI.EDU [mailto:owner-rsvp@ISI.EDU]On Behalf Of Bob
> Braden
> Sent: Tuesday, September 17, 2002 12:01 AM
> To: rsvp@ISI.EDU; hemanth_khare@rediffmail.com
> Cc: schultz@io.iol.unh.edu
> Subject: Re: doubt
> 
> 
>   *>    After reading this section what i have in mind is 
> that error in 
>   *> the PERR message will be reported to the sender (data source).
>   *> 
>   *>    But the error may be caused by the intermediate 
> nodes. In that 
>   *> case error must be reported intermediate node and not to sender 
>   *> application (data source).
>   *> 
> 
> What good would it do to notify intermediate nodes, when the
> error is caused by erroneous data from the sender RSVP?
> Only the sender is in a position to correct the error.
> 
> Bob Braden
> 
>   *>    Please let me know ur thoughts on this aspect.
>   *> 
>   *> TIA and Regards,
>   *> -hemanth
>   *> __________________________________________________________
>   *> Give your Company an email address like
>   *> ravi @ ravi-exports.com.  Sign up for Rediffmail Pro today!
>   *> Know more. http://www.rediffmailpro.com/signup/
>   *>