[Rsvp] RE: doubt
Bob Lindell
lindell@ISI.EDU
Fri, 24 Jan 2003 11:10:34 -0800
> my personal opinion: the policy objects tried to repair the missing key
> management to some extend (i.e. they provide the user identity for the
> purpose of policy based admission control).
No. Policy and hop-by-hop integrity perform complementary functions.
Hop-by-hop integrity authenticates that the message came from a trusted
neighboring router in the signaling path and that the contents have
not been modified in-route.
Policy identifies the sender of the request and is the basis for
policy based admission control and charging. A sender gets
charged for a request, not an intermediate router in the signaling
path.
>
> the hop-by-hop security is perfectly fine for the charging model currently
> used in the internet. i will send around a document giving detailed reason
> s
> for this statement in the near future.
No. See above.
Bob