

%!PS-Adobe-2.0
%%Creator: dvips(k) 5.86 Copyright 1999 Radical Eye Software
%%Title: draft-tschofenig-nsis-casp-midcom-01.dvi
%%Pages: 38
%%PageOrder: Ascend
%%BoundingBox: 0 0 596 842
%%DocumentFonts: Times-Roman Times-Bold Helvetica Courier Times-Italic
%%DocumentPaperSizes: a4
%%EndComments
%DVIPSWebPage: (www.radicaleye.com)
%DVIPSCommandLine: dvips draft-tschofenig-nsis-casp-midcom-01
%DVIPSParameters: dpi=600, compressed
%DVIPSSource:  TeX output 2003.03.03:1453
%%BeginProcSet: texc.pro
%!
% ---------------------------------------------------------------------------
% dvips prolog (texc.pro).  Everything below is defined inside the TeXDict
% dictionary created by the first statement.  Short aliases used throughout:
%   N = def   B = bind def   S = exch   A = dup   X = exch def   TR = translate
% Procedures, in order of appearance:
%   @rigin / @landscape / @manualfeed / @copies   page-coordinate setup;
%       @manualfeed and @copies write printer state (statusdict, #copies).
%   df / dfs / df-tail / E    build a Type 3 bitmap font (FontType 3) whose
%       BuildChar is CharBuilder; E finishes it with definefont + setfont.
%   CharBuilder               paints one glyph with setcachedevice and
%       imagemask; the packed glyph bytes are expanded by the G loop, which
%       dispatches each byte through the pl procedure table (adv/chg/lsh/
%       rsh/clr/set/nd are the unpacking primitives it uses).
%   D / I                     store the next glyph bitmap into the font.
%   @start / bop / eop        job start, page begin and page end (eop does
%       restore, then showpage).  All three look up start-hook / bop-hook /
%       eop-hook in userdict and execute them when present, so PostScript
%       that ran earlier in the same job can hook every page: this prolog
%       is executable code that the interpreter runs, not inert data.
%   V / RV / QV               rule drawing.  bop binds V to QV (filled
%       rectangle path) or RV (imagemask) depending on the current matrix;
%       which RV variant is used is chosen once, at prolog load, by a
%       product-name check against statusdict.
%   a / p / b..y / w / x / tail / M   glyph placement shorthands
%       (p = show, a = moveto, M = show then relative move by delta).
%   bos / eos                 save / restore around a run of glyphs.
% NOTE(review): this is the compressed, generated output of dvips 5.86;
% changes belong in the upstream texc.pro, not in this embedded copy.
% ---------------------------------------------------------------------------
/TeXDict 300 dict def TeXDict begin/N{def}def/B{bind def}N/S{exch}N/X{S
N}B/A{dup}B/TR{translate}N/isls false N/vsize 11 72 mul N/hsize 8.5 72
mul N/landplus90{false}def/@rigin{isls{[0 landplus90{1 -1}{-1 1}ifelse 0
0 0]concat}if 72 Resolution div 72 VResolution div neg scale isls{
landplus90{VResolution 72 div vsize mul 0 exch}{Resolution -72 div hsize
mul 0}ifelse TR}if Resolution VResolution vsize -72 div 1 add mul TR[
matrix currentmatrix{A A round sub abs 0.00001 lt{round}if}forall round
exch round exch]setmatrix}N/@landscape{/isls true N}B/@manualfeed{
statusdict/manualfeed true put}B/@copies{/#copies X}B/FMat[1 0 0 -1 0 0]
N/FBB[0 0 0 0]N/nn 0 N/IEn 0 N/ctr 0 N/df-tail{/nn 8 dict N nn begin
/FontType 3 N/FontMatrix fntrx N/FontBBox FBB N string/base X array
/BitMaps X/BuildChar{CharBuilder}N/Encoding IEn N end A{/foo setfont}2
array copy cvx N load 0 nn put/ctr 0 N[}B/sf 0 N/df{/sf 1 N/fntrx FMat N
df-tail}B/dfs{div/sf X/fntrx[sf 0 0 sf neg 0 0]N df-tail}B/E{pop nn A
definefont setfont}B/Cw{Cd A length 5 sub get}B/Ch{Cd A length 4 sub get
}B/Cx{128 Cd A length 3 sub get sub}B/Cy{Cd A length 2 sub get 127 sub}
B/Cdx{Cd A length 1 sub get}B/Ci{Cd A type/stringtype ne{ctr get/ctr ctr
1 add N}if}B/id 0 N/rw 0 N/rc 0 N/gp 0 N/cp 0 N/G 0 N/CharBuilder{save 3
1 roll S A/base get 2 index get S/BitMaps get S get/Cd X pop/ctr 0 N Cdx
0 Cx Cy Ch sub Cx Cw add Cy setcachedevice Cw Ch true[1 0 0 -1 -.1 Cx
sub Cy .1 sub]/id Ci N/rw Cw 7 add 8 idiv string N/rc 0 N/gp 0 N/cp 0 N{
rc 0 ne{rc 1 sub/rc X rw}{G}ifelse}imagemask restore}B/G{{id gp get/gp
gp 1 add N A 18 mod S 18 idiv pl S get exec}loop}B/adv{cp add/cp X}B
/chg{rw cp id gp 4 index getinterval putinterval A gp add/gp X adv}B/nd{
/cp 0 N rw exit}B/lsh{rw cp 2 copy get A 0 eq{pop 1}{A 255 eq{pop 254}{
A A add 255 and S 1 and or}ifelse}ifelse put 1 adv}B/rsh{rw cp 2 copy
get A 0 eq{pop 128}{A 255 eq{pop 127}{A 2 idiv S 128 and or}ifelse}
ifelse put 1 adv}B/clr{rw cp 2 index string putinterval adv}B/set{rw cp
fillstr 0 4 index getinterval putinterval adv}B/fillstr 18 string 0 1 17
{2 copy 255 put pop}for N/pl[{adv 1 chg}{adv 1 chg nd}{1 add chg}{1 add
chg nd}{adv lsh}{adv lsh nd}{adv rsh}{adv rsh nd}{1 add adv}{/rc X nd}{
1 add set}{1 add clr}{adv 2 chg}{adv 2 chg nd}{pop nd}]A{bind pop}
forall N/D{/cc X A type/stringtype ne{]}if nn/base get cc ctr put nn
/BitMaps get S ctr S sf 1 ne{A A length 1 sub A 2 index S get sf div put
}if put/ctr ctr 1 add N}B/I{cc 1 add D}B/bop{userdict/bop-hook known{
bop-hook}if/SI save N @rigin 0 0 moveto/V matrix currentmatrix A 1 get A
mul exch 0 get A mul add .99 lt{/QV}{/RV}ifelse load def pop pop}N/eop{
SI restore userdict/eop-hook known{eop-hook}if showpage}N/@start{
userdict/start-hook known{start-hook}if pop/VResolution X/Resolution X
1000 div/DVImag X/IEn 256 array N 2 string 0 1 255{IEn S A 360 add 36 4
index cvrs cvn put}for pop 65781.76 div/vsize X 65781.76 div/hsize X}N
/p{show}N/RMat[1 0 0 -1 0 0]N/BDot 260 string N/Rx 0 N/Ry 0 N/V{}B/RV/v{
/Ry X/Rx X V}B statusdict begin/product where{pop false[(Display)(NeXT)
(LaserWriter 16/600)]{A length product length le{A length product exch 0
exch getinterval eq{pop true exit}if}{pop}ifelse}forall}{false}ifelse
end{{gsave TR -.1 .1 TR 1 1 scale Rx Ry false RMat{BDot}imagemask
grestore}}{{gsave TR -.1 .1 TR Rx Ry scale 1 1 false RMat{BDot}
imagemask grestore}}ifelse B/QV{gsave newpath transform round exch round
exch itransform moveto Rx 0 rlineto 0 Ry neg rlineto Rx neg 0 rlineto
fill grestore}B/a{moveto}B/delta 0 N/tail{A/delta X 0 rmoveto}B/M{S p
delta add tail}B/b{S p tail}B/c{-4 M}B/d{-3 M}B/e{-2 M}B/f{-1 M}B/g{0 M}
B/h{1 M}B/i{2 M}B/j{3 M}B/k{4 M}B/w{0 rmoveto}B/l{p -4 w}B/m{p -3 w}B/n{
p -2 w}B/o{p -1 w}B/q{p 1 w}B/r{p 2 w}B/s{p 3 w}B/t{p 4 w}B/x{0 S
rmoveto}B/y{3 2 roll p a}B/bos{/SS save N}B/eos{SS restore}B end

%%EndProcSet
%%BeginProcSet: 8r.enc
% @@psencodingfile@{
%   author = "S. Rahtz, P. MacKay, Alan Jeffrey, B. Horn, K. Berry",
%   version = "0.6",
%   date = "22 June 1996",
%   filename = "8r.enc",
%   email = "kb@@mail.tug.org",
%   address = "135 Center Hill Rd. // Plymouth, MA 02360",
%   codetable = "ISO/ASCII",
%   checksum = "119     662    4424",
%   docstring = "Encoding for TrueType or Type 1 fonts to be used with TeX."
% @}
% 
% Idea is to have all the characters normally included in Type 1 fonts
% available for typesetting. This is effectively the characters in Adobe
% Standard Encoding + ISO Latin 1 + extra characters from Lucida.
% 
% Character code assignments were made as follows:
% 
% (1) the Windows ANSI characters are almost all in their Windows ANSI
% positions, because some Windows users cannot easily reencode the
% fonts, and it makes no difference on other systems. The only Windows
% ANSI characters not available are those that make no sense for
% typesetting -- rubout (127 decimal), nobreakspace (160), softhyphen
% (173). quotesingle and grave are moved just because it's such an
% irritation not having them in TeX positions.
% 
% (2) Remaining characters are assigned arbitrarily to the lower part
% of the range, avoiding 0, 10 and 13 in case we meet dumb software.
% 
% (3) Y&Y Lucida Bright includes some extra text characters; in the
% hopes that other PostScript fonts, perhaps created for public
% consumption, will include them, they are included starting at 0x12.
% 
% (4) Remaining positions left undefined are for use in (hopefully)
% upward-compatible revisions, if someday more characters are generally
% available.
% 
% (5) hyphen appears twice for compatibility with both ASCII and Windows.
% 
/TeXBase1Encoding [
% 0x00 (encoded characters from Adobe Standard not in Windows 3.1)
  /.notdef /dotaccent /fi /fl
  /fraction /hungarumlaut /Lslash /lslash
  /ogonek /ring /.notdef
  /breve /minus /.notdef 
% These are the only two remaining unencoded characters, so may as
% well include them.
  /Zcaron /zcaron 
% 0x10
 /caron /dotlessi 
% (unusual TeX characters available in, e.g., Lucida Bright)
 /dotlessj /ff /ffi /ffl 
 /.notdef /.notdef /.notdef /.notdef
 /.notdef /.notdef /.notdef /.notdef
 % very contentious; it's so painful not having quoteleft and quoteright
 % at 96 and 145 that we move the things normally found there down to here.
 /grave /quotesingle 
% 0x20 (ASCII begins)
 /space /exclam /quotedbl /numbersign
 /dollar /percent /ampersand /quoteright
 /parenleft /parenright /asterisk /plus /comma /hyphen /period /slash
% 0x30
 /zero /one /two /three /four /five /six /seven
 /eight /nine /colon /semicolon /less /equal /greater /question
% 0x40
 /at /A /B /C /D /E /F /G /H /I /J /K /L /M /N /O
% 0x50
 /P /Q /R /S /T /U /V /W
 /X /Y /Z /bracketleft /backslash /bracketright /asciicircum /underscore
% 0x60
 /quoteleft /a /b /c /d /e /f /g /h /i /j /k /l /m /n /o
% 0x70
 /p /q /r /s /t /u /v /w
 /x /y /z /braceleft /bar /braceright /asciitilde
 /.notdef % rubout; ASCII ends
% 0x80
 /.notdef /.notdef /quotesinglbase /florin
 /quotedblbase /ellipsis /dagger /daggerdbl
 /circumflex /perthousand /Scaron /guilsinglleft
 /OE /.notdef /.notdef /.notdef
% 0x90
 /.notdef /.notdef /.notdef /quotedblleft
 /quotedblright /bullet /endash /emdash
 /tilde /trademark /scaron /guilsinglright
 /oe /.notdef /.notdef /Ydieresis
% 0xA0
 /.notdef % nobreakspace
 /exclamdown /cent /sterling
 /currency /yen /brokenbar /section
 /dieresis /copyright /ordfeminine /guillemotleft
 /logicalnot
 /hyphen % Y&Y (also at 45); Windows' softhyphen
 /registered
 /macron
% 0xB0
 /degree /plusminus /twosuperior /threesuperior
 /acute /mu /paragraph /periodcentered
 /cedilla /onesuperior /ordmasculine /guillemotright
 /onequarter /onehalf /threequarters /questiondown
% 0xC0
 /Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla
 /Egrave /Eacute /Ecircumflex /Edieresis
 /Igrave /Iacute /Icircumflex /Idieresis
% 0xD0
 /Eth /Ntilde /Ograve /Oacute
 /Ocircumflex /Otilde /Odieresis /multiply
 /Oslash /Ugrave /Uacute /Ucircumflex
 /Udieresis /Yacute /Thorn /germandbls
% 0xE0
 /agrave /aacute /acircumflex /atilde
 /adieresis /aring /ae /ccedilla
 /egrave /eacute /ecircumflex /edieresis
 /igrave /iacute /icircumflex /idieresis
% 0xF0
 /eth /ntilde /ograve /oacute
 /ocircumflex /otilde /odieresis /divide
 /oslash /ugrave /uacute /ucircumflex
 /udieresis /yacute /thorn /ydieresis
] def

%%EndProcSet
%%BeginProcSet: texps.pro
%!
% ---------------------------------------------------------------------------
% dvips resident-font helpers (texps.pro), added to TeXDict:
%   rf            findfont the named font and copy its dictionary, dropping
%                 FID and UniqueID; build a Metrics dictionary from the
%                 Encoding and the width list passed in (scaled by the
%                 FontMatrix and the VResolution/Resolution ratio); then
%                 definefont the copy and bind the target name to a
%                 procedure that makefont's it at the given size and
%                 setfont's it.  The exact width bookkeeping is intricate;
%                 treat the description above as a summary, not a contract.
%   ObliqueSlant  slant factor for an angle: -(sin / cos).
%   SlantFont / ExtendFont   adjust the font matrix for slanting / widening.
%   ReEncodeFont  install a new Encoding array.  When CharStrings is readable
%                 (rcheck) every name the font lacks is replaced by .notdef;
%                 if nothing was missing the scratch copy is discarded.
% NOTE(review): generated dvips 5.86 output; fix upstream texps.pro instead.
% ---------------------------------------------------------------------------
TeXDict begin/rf{findfont dup length 1 add dict begin{1 index/FID ne 2
index/UniqueID ne and{def}{pop pop}ifelse}forall[1 index 0 6 -1 roll
exec 0 exch 5 -1 roll VResolution Resolution div mul neg 0 0]/Metrics
exch def dict begin Encoding{exch dup type/integertype ne{pop pop 1 sub
dup 0 le{pop}{[}ifelse}{FontMatrix 0 get div Metrics 0 get div def}
ifelse}forall Metrics/Metrics currentdict end def[2 index currentdict
end definefont 3 -1 roll makefont/setfont cvx]cvx def}def/ObliqueSlant{
dup sin S cos div neg}B/SlantFont{4 index mul add}def/ExtendFont{3 -1
roll mul exch}def/ReEncodeFont{CharStrings rcheck{/Encoding false def
dup[exch{dup CharStrings exch known not{pop/.notdef/Encoding true def}
if}forall Encoding{]exch pop}{cleartomark}ifelse}if/Encoding exch def}
def end

%%EndProcSet
TeXDict begin 39158280 55380996 1000 600 600
(draft-tschofenig-nsis-casp-midcom-01.dvi) @start /Fa
134[37 1[55 1[42 23 32 32 1[42 42 42 60 23 37 1[23 42
42 1[37 42 37 1[42 9[69 3[42 2[51 1[55 69 2[37 28 4[60
55 1[51 18[21 1[21 2[28 28 40[{TeXBase1Encoding ReEncodeFont}33
83.022 /Times-Italic rf
%DVIPSBitmapFont: Fb cmmi10 10.95 2
/Fb 2 63 df<183818FC1703EF0FF8EF3FE0EFFF80933803FE00EE0FF8EE3FE0EEFF80DB
03FEC7FCED0FF8ED3FE0EDFF80DA03FEC8FCEC0FF8EC3FE0ECFF80D903FEC9FCEB0FF8EB
3FE0EBFF80D803FECAFCEA0FF8EA3FE0EA7F8000FECBFCA2EA7F80EA3FE0EA0FF8EA03FE
C66C7EEB3FE0EB0FF8EB03FE903800FF80EC3FE0EC0FF8EC03FE913800FF80ED3FE0ED0F
F8ED03FE923800FF80EE3FE0EE0FF8EE03FE933800FF80EF3FE0EF0FF8EF03FC17001838
363678B147>60 D<126012F8B4FCEA7FC0EA1FF0EA07FCEA01FF38007FC0EB1FF0EB07FC
EB01FF9038007FC0EC1FF0EC07FCEC01FF9138007FC0ED1FF0ED07FCED01FF9238007FC0
EE1FF0EE07FCEE01FF9338007FC0EF1FF0EF07F8EF01FCA2EF07F8EF1FF0EF7FC0933801
FF00EE07FCEE1FF0EE7FC04B48C7FCED07FCED1FF0ED7FC04A48C8FCEC07FCEC1FF0EC7F
C04948C9FCEB07FCEB1FF0EB7FC04848CAFCEA07FCEA1FF0EA7FC048CBFC12FC12703636
78B147>62 D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fc cmsy10 10.95 2
/Fc 2 16 df<007FB812F8B912FCA26C17F83604789847>0 D<EB0FFCEB3FFF90B512C0
000314F04880488048804880A2481580A3B712C0AA6C1580A36C1500A26C5C6C5C6C5C6C
5CC614C0013F90C7FCEB0FFC22227BA72D>15 D E
%EndDVIPSBitmapFont
/Fd 166[53 3[53 44 40 49 1[40 53 53 65 44 2[24 53 53
1[44 3[53 65[{TeXBase1Encoding ReEncodeFont}15 72.7272
/Times-Roman rf /Fe 103[55 15[55 10[55 55 55 55 55 55
55 1[55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55
55 55 55 55 55 1[55 1[55 1[55 3[55 2[55 55 55 1[55 55
55 55 3[55 55 1[55 55 55 55 55 55 55 1[55 55 55 55 55
55 55 55 55 55 1[55 55 55 55 55 55 55 55 55 1[55 55 5[55
34[{TeXBase1Encoding ReEncodeFont}72 90.9091 /Courier
rf /Ff 133[40 45 45 66 45 51 30 35 40 51 51 45 51 76
25 51 30 25 51 45 30 40 51 40 51 45 9[91 66 66 61 51
66 71 56 71 66 86 61 2[35 71 71 56 61 66 66 61 66 6[30
45 45 45 45 45 45 45 45 45 45 2[30 3[30 30 30 36[51 2[{
TeXBase1Encoding ReEncodeFont}63 90.9091 /Times-Bold
rf /Fg 107[37 37 24[37 42 42 60 42 42 23 32 28 42 42
42 42 65 23 42 1[23 42 42 28 37 42 37 42 37 3[28 1[28
1[60 60 78 60 60 51 46 55 60 46 60 60 74 51 60 32 28
60 60 46 51 60 55 55 60 6[23 42 42 42 42 42 42 42 42
42 42 1[21 28 21 2[28 28 37[46 2[{TeXBase1Encoding ReEncodeFont}71
83.022 /Times-Roman rf /Fh 139[28 32 37 14[37 46 42 31[60
65[{TeXBase1Encoding ReEncodeFont}7 83.022 /Times-Bold
rf /Fi 133[45 1[45 66 1[51 25 45 30 1[51 51 51 76 20
45 1[20 51 51 25 51 51 45 51 51 12[56 5[66 5[66 7[92
5[25 10[25 25 46[{TeXBase1Encoding ReEncodeFont}29 90.9091
/Helvetica rf /Fj 133[44 50 50 72 50 55 33 39 44 55 55
50 55 83 28 55 33 28 55 50 33 44 55 44 55 50 12[66 55
72 1[61 78 72 94 66 2[39 2[61 66 72 72 1[72 7[50 50 50
50 50 50 50 50 50 50 28 25 33 45[{TeXBase1Encoding ReEncodeFont}53
99.6264 /Times-Bold rf /Fk 134[60 1[86 60 66 40 47 53
1[66 60 66 100 33 66 40 33 66 60 40 53 66 53 66 60 12[80
66 86 1[73 93 86 1[80 2[47 1[93 73 1[86 86 80 86 7[60
60 60 60 60 60 60 60 60 60 33 1[40 5[40 36[66 2[{
TeXBase1Encoding ReEncodeFont}51 119.552 /Times-Bold
rf /Fl 133[33 2[54 1[37 21 29 25 2[37 37 58 21 37 1[21
37 37 25 33 1[33 37 33 11[54 46 42 4[54 5[54 4[50 1[54
17[21 19 1[19 44[{TeXBase1Encoding ReEncodeFont}29 74.7198
/Times-Roman rf /Fm 105[45 1[40 40 24[40 45 45 66 45
45 25 35 30 45 45 45 45 71 25 45 25 25 45 45 30 40 45
40 45 40 3[30 1[30 1[66 66 86 66 66 56 51 61 66 51 66
66 81 56 1[35 30 66 66 51 56 66 61 61 66 84 40 1[51 2[25
45 45 45 45 45 45 45 45 45 45 25 23 30 23 2[30 30 30
35[51 51 2[{TeXBase1Encoding ReEncodeFont}78 90.9091
/Times-Roman rf end
%%EndProlog
%%BeginSetup
%%Feature: *Resolution 600dpi
TeXDict begin
%%BeginPaperSize: a4
a4
%%EndPaperSize

%%EndSetup
%%Page: 1 1
1 0 bop 0 87 a Fm(Internet)25 b(Engineering)i(T)-7 b(ask)23
b(F)o(orce)0 200 y(INTERNET)-8 b(-DRAFT)1878 b Fl(H.)18
b(Tschofenig,)h(H.)g(Schulzrinne,)g(C.)f(Aoun)0 313 y
Fm(draft-tschofenig-ns)q(is-)q(cas)q(p-mid)q(co)q(m-01)q(.ps)1179
b Fl(Siemens/Columbia)19 b(U./Nortel)f(Netw)o(orks)3317
426 y Fm(March)24 b(3,)f(2003)2926 539 y(Expires:)30
b(September)24 b(2003)855 724 y Fk(A)30 b(Fir)n(ewall/N)n(A)-11
b(T)31 b(T)-9 b(ra)m(v)o(ersal)29 b(Client)i(f)m(or)f(CASP)0
970 y Fj(Status)c(of)f(this)f(Memo)0 1144 y Fm(This)d(document)i(is)d
(an)h(Internet-Draft)k(and)c(is)g(in)g(full)g(conformance)j(with)d(all)
g(pro)o(visions)j(of)d(Section)h(10)f(of)g(RFC2026.)141
1257 y(Internet-Drafts)28 b(are)d(w)o(orking)h(documents)h(of)e(the)g
(Internet)h(Engineering)h(T)-7 b(ask)25 b(F)o(orce)f(\(IETF\),)f(its)i
(areas,)h(and)f(its)0 1370 y(w)o(orking)g(groups.)30
b(Note)24 b(that)g(other)g(groups)h(may)f(also)g(distrib)n(ute)i(w)o
(orking)f(documents)h(as)d(Internet-Drafts.)141 1483
y(Internet-Drafts)30 b(are)c(draft)h(documents)i(v)n(alid)e(for)f(a)g
(maximum)g(of)h(six)f(months)i(and)e(may)g(be)h(updated,)h(replaced,)0
1596 y(or)c(obsoleted)j(by)d(other)h(documents)h(at)e(an)o(y)h(time.)30
b(It)24 b(is)g(inappropriate)k(to)c(use)g(Internet-Drafts)k(as)c
(reference)i(material)0 1709 y(or)d(to)h(cite)g(them)f(other)i(than)f
(as)g(\223w)o(ork)g(in)f(progress.)-6 b(\224)141 1822
y(The)23 b(list)h(of)g(current)h(Internet-Drafts)i(can)d(be)f(accessed)
j(at)d(http://www)-6 b(.ietf.or)n(g/ietf/1id)q(-ab)q(str)q(act)q(s.txt)
141 1935 y(T)f(o)23 b(vie)n(w)g(the)h(list)f(Internet-Draft)k(Shado)n
(w)c(Directories,)j(see)e Fi(http://www)-5 b(.ietf)m(.org/shado)o(w)g
(.html)p Fm(.)0 2181 y Fj(Copyright)25 b(Notice)0 2342
y Fm(Cop)o(yright)h(\(c\))d(The)g(Internet)j(Society)e(\(2003\).)30
b(All)23 b(Rights)i(Reserv)o(ed.)1796 2502 y Fh(Abstract)352
2620 y Fg(This)c(document)d(describes)i(a)h(CASP)h(client)f(protocol)d
(that)j(allo)n(ws)g(nodes)f(to)g(signal)h(information)d(to)j(\002re)n
(w)o(alls)227 2720 y(both)e(in)h(an)g(in-path)e(and)h(of)n(f-path)f(f)o
(ashion.)24 b(The)19 b(protocol)f(furthermore)f(allo)n(ws)i(to)h
(establish)g(a)g(N)m(A)-9 b(T)20 b(binding)e(and)227
2820 y(to)j(pro)o(vide)d(the)j(signaling)f(initiator)g(with)g(the)h(N)m
(A)-9 b(T)20 b(information.)k(This)d(is)g(information)d(can)j(then)f
(be)g(used)h(within)227 2919 y(other)f(protocols)e(such)i(as)h(SIP)-9
b(.)0 3209 y Fk(Contents)0 3416 y Ff(1)91 b(Intr)n(oduction)3227
b(2)0 3620 y(2)91 b(De\002nitions)3300 b(2)0 3824 y(3)91
b(General)24 b(Limits)f(of)h(In-P)o(ath)f(Fir)n(ewall)h(Signaling)1982
b(3)0 4027 y(4)91 b(T)-7 b(rust)24 b(Relationships)2961
b(5)136 4140 y Fm(4.1)96 b(Peer)n(-to-Peer)26 b(T)m(rust)d
(Relationship)35 b(.)45 b(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g
(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)
g(.)g(.)g(.)128 b(5)136 4253 y(4.2)96 b(Intra-domain)27
b(T)m(rust)c(Relationship)81 b(.)45 b(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h
(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)
f(.)g(.)g(.)g(.)g(.)128 b(7)136 4366 y(4.3)96 b(Required)25
b(End-to-Middle)i(T)m(rust)c(Relationship)68 b(.)45 b(.)g(.)h(.)f(.)g
(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)
g(.)g(.)g(.)128 b(8)136 4479 y(4.4)96 b(Missing)25 b(Netw)o
(ork-to-Netw)o(ork)i(T)m(rust)c(Relationship)88 b(.)45
b(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f
(.)g(.)g(.)g(.)g(.)128 b(9)136 4592 y(4.5)96 b(Of)n(f-P)o(ath)24
b(Signaling)85 b(.)45 b(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g
(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)
g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)82 b(12)0 4796 y Ff(5)91
b(Assumptions)3173 b(12)0 5000 y(6)91 b(N)n(A)-9 b(T)23
b(In)l(v)o(olv)o(ement)2991 b(12)0 5203 y(7)91 b(Operation)3275
b(14)0 5407 y(8)91 b(T)-7 b(ypical)24 b(P)n(olicy)h(Rule)d(Attrib)n
(utes)2505 b(16)p eop
%%Page: 2 2
2 1 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)0
399 y Ff(9)91 b(Objects)3376 b(16)136 511 y Fm(9.1)96
b(Logging)25 b(Action)55 b(.)45 b(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g
(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)
g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)82
b(16)136 624 y(9.2)96 b(ApplicationID)42 b(.)j(.)g(.)h(.)f(.)g(.)g(.)g
(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)
h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)82
b(16)136 737 y(9.3)96 b(Ne)o(xt)48 b(.)d(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)
f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g
(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)
g(.)g(.)g(.)82 b(17)136 850 y(9.4)96 b(Authorization)27
b(T)-7 b(ok)o(en)86 b(.)45 b(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)
g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g
(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)82 b(17)136 963 y(9.5)96
b(CMS)22 b(Credential)k(Object)47 b(.)e(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h
(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)
f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)82 b(17)136 1076
y(9.6)96 b(T)m(ime)34 b(.)45 b(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g
(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)
g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g
(.)82 b(17)136 1189 y(9.7)96 b(Age)72 b(.)45 b(.)h(.)f(.)g(.)g(.)g(.)g
(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)
f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f
(.)g(.)g(.)g(.)g(.)82 b(17)136 1302 y(9.8)96 b(Status)70
b(.)46 b(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)
g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g
(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)82 b(17)0
1506 y Ff(10)46 b(Basic)24 b(Pr)n(otocol)h(Beha)n(vior)2744
b(18)136 1619 y Fm(10.1)51 b(Recei)n(v)o(er)n(-Initiated)28
b(Message)d(Flo)n(w)d(with)i(Fire)n(w)o(alls)50 b(.)c(.)f(.)g(.)g(.)g
(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)
g(.)82 b(18)136 1731 y(10.2)51 b(Sender)n(-Initiated)28
b(Message)d(Flo)n(w)d(with)i(Fire)n(w)o(alls)49 b(.)c(.)h(.)f(.)g(.)g
(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)
g(.)g(.)82 b(20)136 1844 y(10.3)51 b(Recei)n(v)o(er)n(-Initiated)28
b(Message)d(Flo)n(w)d(with)i(a)f(Fire)n(w)o(all)g(and)h(a)f(N)m(A)-10
b(T)85 b(.)45 b(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g
(.)g(.)82 b(22)136 1957 y(10.4)51 b(Sender)n(-Initiated)28
b(Message)d(Flo)n(w)d(with)i(a)f(Fire)n(w)o(all)g(and)h(a)f(N)m(A)-10
b(T)83 b(.)46 b(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g
(.)g(.)g(.)82 b(24)136 2070 y(10.5)51 b(Sender)n(-Initiated)28
b(N)m(A)-10 b(T/Fire)n(w)o(all)22 b(T)m(ra)n(v)o(ersal)j(with)e
(Authorization)k(T)-7 b(ok)o(en)50 b(.)45 b(.)g(.)h(.)f(.)g(.)g(.)g(.)h
(.)f(.)g(.)g(.)g(.)g(.)82 b(26)136 2183 y(10.6)51 b(Sender)n
(-Initiated)28 b(Fire)n(w)o(all)c(Signaling)h(only)f(at)g(the)f(Access)
i(Netw)o(ork)33 b(.)45 b(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)
g(.)g(.)g(.)82 b(28)136 2296 y(10.7)51 b(Sender)n(-Initiated)28
b(N)m(A)-10 b(T)21 b(and)j(Fire)n(w)o(all)g(T)m(ra)n(v)o(ersal)h
(within)f(the)f(Access)i(Netw)o(ork)53 b(.)45 b(.)g(.)g(.)g(.)h(.)f(.)g
(.)g(.)g(.)g(.)82 b(30)0 2500 y Ff(11)46 b(Security)24
b(Considerations)2743 b(32)136 2613 y Fm(11.1)51 b(Threats)89
b(.)45 b(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)
h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h
(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)82 b(32)136
2726 y(11.2)51 b(Countermeasures)73 b(.)46 b(.)f(.)g(.)g(.)g(.)h(.)f(.)
g(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)h(.)f(.)g
(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)h(.)f(.)g(.)g(.)g(.)g(.)82
b(33)0 2929 y Ff(12)46 b(Conclusion)3239 b(34)0 3133
y(13)46 b(Open)22 b(Issues)3207 b(35)0 3337 y(14)46 b(Ackno)o
(wledgements)2922 b(35)0 3541 y(A)70 b(Object)24 b(F)n(ormat)f(Details)
2808 b(36)0 3745 y(B)75 b(A)-5 b(uthors')24 b(Addr)n(esses)2915
b(37)0 4037 y Fk(1)119 b(Intr)n(oduction)0 4244 y Fm(CASP-N)m(A)-10
b(TFW)21 b(is)26 b(a)f(client)i(protocol)g(for)f(the)g
(Cross-Application)j(Signaling)f(Protocol)f(\(CASP\))c([1)q(].)34
b(It)26 b(is)f(one)h(of)g(a)0 4357 y(f)o(amily)19 b(of)g(CASP)d(client)
k(protocols)h(and)e(allo)n(ws)g(the)g(signaling)j(of)c(\002re)n(w)o
(all)h(and)g(N)m(A)-10 b(T)16 b(information)21 b(along)f(the)f(data)g
(path)0 4470 y(\(in-path\))31 b(in)e(a)g(topology)j(independent)g
(manner)-5 b(.)46 b(CASP-N)m(A)-10 b(TFW)25 b(aims)k(to)g(address)i
(issues)g(raised)f(and)g(not)f(solv)o(ed)0 4583 y(within)22
b(the)g(MIDCOM)e(w)o(orking)j(group)g([2)q(])e(and)h(uses)h(ideas)f
(for)g(in-path)i(signaling)g(using)f(RSVP)c(as)j(described)i(in)e([3)q
(])0 4696 y(and)i(in)f([4)q(].)0 4989 y Fk(2)119 b(De\002nitions)0
5196 y Fm(T)-6 b(erms)23 b(in)g(conte)o(xt)i(with)e(trust)i
(relationships)i(are)d(described)i(in)d([5)q(].)141 5309
y(The)g(follo)n(wing)i(terms)f(are)g(used)g(in)f(this)i(document:)0
5656 y Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g(Aoun)750
b Fm(Expires)24 b(September)h(2003)751 b([P)o(age)23
b(2])p eop
%%Page: 3 3
3 2 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)0
399 y Ff(P)n(olicy)h(Rule:)46 b Fm(The)28 b(term)h(polic)o(y)h(rule)f
(is)f(used)i(as)f(de\002ned)g(in)g([6)q(].)44 b(A)27
b(polic)o(y)j(rule)f(consists)i(of)e(tw)o(o)f(components:)43
b(a)227 511 y(pack)o(et)34 b(\002lter)f(and)g(an)f(action)i(to)e(be)h
(performed)h(on)f(pack)o(ets)h(matching)g(the)f(pack)o(et)h(\002lter)e
(e)o(xpression.)58 b(This)227 624 y(document)35 b(uses)f(tw)o(o)f
(actions)i(for)f(a)f(polic)o(y)h(rule:)49 b(allo)n(w)34
b(without)g(logging)h(and)f(allo)n(w)f(with)g(logging.)60
b(Per)n(-)227 737 y(def)o(ault)28 b(no)f(logging)h(is)f(used.)38
b(If)26 b(logging)i(is)e(desired)i(then)g(it)e(has)g(to)h(be)f
(speci\002ed)i(as)e(described)j(in)e(Section)g(9.)227
850 y(As)22 b(stated)h(in)g([6])f(it)g(w)o(as)g(agreed)i(not)f(to)f
(specify)i(a)e(den)o(y)h(action)h(for)e(polic)o(y)i(rule.)29
b(Hence)23 b(there)g(is)f(no)g(such)i(den)o(y)227 963
y(action)h(de\002ned)g(in)e(this)h(document.)227 1113
y(In)g(the)g(conte)o(xt)h(of)f(N)m(A)-10 b(T)j(,)22 b(as)h(de\002ned)i
(in)f([7],)f(basic)i(N)m(A)-10 b(T)j(,)22 b(N)m(APT)f(and)j(twice)g(N)m
(A)-10 b(T)22 b(could)j(be)e(applied)j(to)e(pack)o(et)227
1226 y(\003o)n(ws)f(matching)i(the)f(pack)o(et)h(\002lter)-5
b(.)0 1414 y Ff(P)n(olicy)24 b(Gr)n(oups:)46 b Fm(The)25
b(term)g(polic)o(y)h(group)g(is)f(not)g(used)h(in)f(this)g(document)i
(since)f(its)f(meaning)h(is)f(partially)i(captured)227
1527 y(by)21 b(the)h(pack)o(et)g(\002lter)-5 b(.)28 b(A)20
b(pack)o(et)j(\002lter)e(allo)n(ws)g(v)n(arious)i(attrib)n(utes)g(\(e)n
(v)o(en)f(lists)g(and)f(ranges)i(of)e(certain)h(attrib)n(utes\))227
1640 y(to)37 b(be)f(speci\002ed.)69 b(In)36 b(case)h(of)f(in-path)i
(signaling)h(only)e(one)g(particular)i(destination)h(IP)35
b(address)j(\(which)f(is)227 1753 y(a)n(v)n(ailable)f(in)d(the)h(CASP)d
(NTLP)g(payload\))36 b(can)e(be)f(speci\002ed.)60 b(More)33
b(\002ne)g(grain)i(pack)o(et)g(\002lters)f(ha)n(v)o(e)g(to)f(be)227
1866 y(speci\002ed)e(in)e(the)h(CASP)d(NSLP)g(payload)k(\(in)e(this)h
(case)g(CASP-N)m(A)-10 b(TFW\).)25 b(F)o(or)k(of)n(f-path)i(signaling)h
(this)e(rule)227 1978 y(must)24 b(not)g(hold.)0 2166
y Ff(Lifetime)g(of)f(P)n(olicy)i(Rules:)46 b Fm(An)31
b(NSLP)e(is)j(allo)n(wed)h(to)f(specify)i(the)e(lifetime)h(for)f(polic)
o(y)h(rule.)55 b(The)31 b(lifetime)i(cor)n(-)227 2279
y(responds)g(to)d(the)h(refresh)h(interv)n(al.)51 b(If)30
b(no)h(lifetime)g(or)f(refresh)i(interv)n(al)g(is)f(selected)h(then)f
(a)f(def)o(ault)i(v)n(alue)f(is)227 2392 y(used.)0 2579
y Ff(P)o(ack)o(et)23 b(\002lter)h(\(PF\):)45 b Fm(The)23
b(term)f(pack)o(et)i(\002lter)f(refers)h(to)f(attrib)n(utes)i
(describing)h(subsets)e(of)f(the)g(data)g(traf)n(\002c)g(for)g(which)
227 2692 y(a)i(speci\002c)g(beha)n(vior)i(should)g(be)e(pro)o(vided.)34
b(The)24 b(term)h(\003o)n(w)e(identi\002er)j(is)f(also)g(often)h(used)g
(in)e(the)h(area)h(of)e(QoS)227 2805 y(signaling)i(protocols.)32
b(F)o(or)22 b(N)m(A)-10 b(T)22 b(tra)n(v)o(ersal)j(a)e(pack)o(et)i
(\002lter)f(\(or)f(\003o)n(w)g(identi\002er\))i(refers)f(to)g(a)f(N)m
(A)-10 b(T)21 b(binding.)141 3018 y(The)k(terms)h(in-path)i(\(of)n
(f-path\))g(signaling)g(can)e(be)g(used)h(inter)n(-changable)j(with)25
b(path-coupled)30 b(\(path-decoupled\))0 3131 y(signaling.)0
3423 y Fk(3)119 b(General)31 b(Limits)e(of)g(In-P)o(ath)h(Fir)n(ewall)h
(Signaling)0 3630 y Fm(At)26 b(the)g(be)o(ginning)j(of)d(this)h
(document)i(it)d(is)g(w)o(orth)h(stating)h(that)f(the)g(problem)g(of)g
(\002re)n(w)o(all)f(signaling)j(is)d(addressed)j(by)0
3743 y(a)h(number)h(of)g(w)o(orking)h(groups.)51 b(This)30
b(section)i(pro)o(vides)h(a)d(brief)h(o)o(v)o(ervie)n(w)g(of)g(some)f
(of)h(the)f(recent)i(acti)n(vities)h(and)0 3856 y(describes)26
b(the)e(general)h(limits)f(of)f(in-path)j(\002re)n(w)o(all)d
(signaling.)141 3969 y(The)e(follo)n(wing)j(w)o(orking)f(groups)g(or)f
(acti)n(vities)i(at)d(the)h(IETF)e(ha)n(v)o(e)i(a)g(relationship)j(to)d
(polic)o(y)g(rule)h(installation)i(and)0 4082 y(\002re)n(w)o(all)e
(communication)k(in)c(general:)141 4195 y(T)-7 b(o)27
b(address)i(a)e(single)i(de)n(vice)g(at)e(the)h(borders)i(of)d(the)h
(access)h(netw)o(orks)g(\(i.e.)41 b(the)28 b(\002rst)f(IP)g(de)n
(vice\))i(is)e(co)o(v)o(ered)i(by)0 4308 y(the)j(P)-8
b(AN)m(A)29 b(w)o(orking)k(group)g(to)e(implement)i(the)f
(controlled/uncontro)q(lle)q(d)37 b(netw)o(ork)c(access)g(procedures.)
56 b(Thereby)0 4421 y(authentication)35 b(of)c(a)g(user)h(or)f(a)g(de)n
(vice)h(with)f(the)g(help)h(of)f(EAP)e(is)i(required)i(to)e(create)i
(polic)o(y)f(rules)g(at)f(the)g(\002rst)g(IP)0 4534 y(de)n(vice.)f
(This)22 b(subsequently)27 b(allo)n(ws)c(the)g(end)g(host)h(to)e(forw)o
(ard)i(pack)o(ets)h(to)e(the)g(Internet)h(or)f(to)g(access)h(services)h
(within)0 4647 y(the)f(local)g(domain.)141 4759 y(The)32
b(MIDCOM)e(w)o(orking)j(group)g(also)g(aims)f(to)g(install)h(polic)o(y)
g(rules)g(at)f(\002re)n(w)o(alls.)54 b(Ho)n(we)n(v)o(er)l(,)34
b(their)f(approach)0 4872 y(seems)21 b(to)g(be)g(focused)i(on)e(of)n
(f-path)i(signaling.)30 b(Additionally)24 b(of)d(interest)i(are)e(acti)
n(vities)i(related)g(to)e(Endpoint)h(Fire)n(w)o(all)0
4985 y(Controll,)j(RSIP)c(and)j(Socks.)141 5098 y(T)-7
b(o)23 b(pro)o(vide)i(a)f(generic)h(solution)h(to)e(install)h(state)g
(at)e(a)h(possibly)i(lar)n(ge)f(number)g(of)f(\002re)n(w)o(alls)f
(along)i(the)g(path)f(some)0 5211 y(trust)f(must)f(be)g(placed)i(on)e
(de)n(vices)i(along)g(the)e(path.)29 b(If)22 b(no)g(such)h(trust)g(is)f
(a)n(v)n(ailable)j(which)e(might)f(be)g(lik)o(ely)i(the)e(case)h(in)0
5324 y(an)h(adhoc)g(netw)o(ork)h(scenario)h(as)d(sho)n(wn)h(in)f
(Figure)i(1)e(then)h(\002re)n(w)o(all)f(signaling)j(is)e(doomed)g(to)g
(f)o(ail.)0 5656 y Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g
(Aoun)750 b Fm(Expires)24 b(September)h(2003)751 b([P)o(age)23
b(3])p eop
%%Page: 4 4
4 3 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)141
399 y(An)h(adhoc)h(netw)o(orks)h(consists)g(of)e(a)f(number)i(of)f
(nodes)i(between)f(the)f(end)h(host)g(\(Node)f(A\))f(and)i(the)f(ISP)f
(to)h(which)0 511 y(Node)e(A)f(w)o(ants)i(to)f(get)h(access.)30
b(Although)24 b(Node)e(A)f(uses)i(an)f(authentication)27
b(and)c(k)o(e)o(y)f(e)o(xchange)i(protocol)h(to)d(create)i(a)0
624 y(polic)o(y)g(rule)f(at)g(the)g(\002re)n(w)o(all)f(1)h(it)f(is)h
(still)g(possible)i(for)e(an)g(untrusted)i(node)f(\(in)f(this)g(case)h
(Node)e(3\))h(to)g(inject)h(data)f(traf)n(\002c)0 737
y(which)j(will)g(pass)h(Fire)n(w)o(all)f(1)g(since)h(the)f(data)h(traf)
n(\002c)f(is)g(unauthenticated.)41 b(T)-7 b(o)25 b(pre)n(v)o(ent)i
(this)g(type)f(of)g(threat)i(protocols)0 850 y(de)n(v)o(eloped)h(in)d
(the)h(IPSEC)d(or)j(the)g(IPSRA)d(w)o(orking)k(group,)g(which)f
(establish)i(a)d(security)j(association)g(to)e(protect)h(the)0
963 y(data)c(traf)n(\002c,)f(can)h(be)g(used.)141 1076
y(T)-7 b(o)25 b(summarize:)34 b(In)26 b(man)o(y)g(cases)g(in-path)i
(polic)o(y)f(rule)f(installation)j(might)d(pro)o(vide)h(enough)h
(security)f(protection)0 1189 y(to)i(pre)n(v)o(ent)h(unauthorized)i
(nodes)e(from)f(gaining)h(access)g(to)f(netw)o(ork)h(resources.)46
b(Ho)n(we)n(v)o(er)l(,)30 b(due)f(to)g(the)g(absence)h(of)0
1302 y(per)n(-pack)o(et)d(authentication)h(man-in-the-middle)g(attacks)
d(of)f(malicious)h(nodes)g(along)g(the)f(path)h(cannot)g(be)f(pre)n(v)o
(ented)0 1415 y(by)g(installed)h(polic)o(y)g(rules.)55
1647 y Fe(+-------------)o(--)o(--)o(--)o(---)o(--)o(--)o(--)o(--)o
(---)o(--)o(--)o(--)o(--)o(-+)430 b(+--------//)55 1760
y(|)1581 b(Adhoc)434 b(|)i(|)54 b(ISP)55 1873 y(|)1581
b(Network)324 b(|)436 b(|)55 1986 y(|)326 b(regular)52
b(data)1307 b(|)436 b(|)55 2099 y(|)326 b(traffic)52
b(by)544 b(+---------+)268 b(|)436 b(|)55 2211 y(|)326
b(node)53 b(A)763 b(|Malicious|)268 b(|)327 b(+-+--------+)55
2324 y(|)545 b(+-------------)o(->)o(+)103 b(Node)162
b(+-----+///-->+)48 b(Firewall)j(+-//)55 2437 y(|)545
b(\210)817 b(|)163 b(3)273 b(|===========>|)212 b(1)272
b(|)55 2550 y(|)545 b(|)817 b(+---------+)50 b(injected)160
b(+-+--------+)55 2663 y(|)545 b(|)1472 b(data)53 b(traffic)e(|)55
2776 y(|)545 b(|)1690 b(|)436 b(|)55 2889 y(|)545 b(|)1690
b(|)436 b(|)55 3002 y(|)326 b(+---+-----+)432 b(+---------+)322
b(|)436 b(|)55 3115 y(|)326 b(+)109 b(Node)162 b(|)436
b(|)108 b(Node)162 b(|)327 b(|)436 b(|)55 3228 y(|)326
b(|)218 b(1)g(|)436 b(|)217 b(2)h(|)327 b(|)436 b(|)55
3341 y(|)326 b(+---------+)432 b(+---------+)322 b(|)436
b(|)55 3453 y(|)545 b(\210)1690 b(|)436 b(+--------//)55
3566 y(|)545 b(|)1690 b(|)55 3679 y(+----------+--)o(--)o(--)o(--)o
(---)o(--)o(--)o(--)o(--)o(---)o(--)o(--)o(--)o(--)o(-+)655
3792 y(|)491 3905 y(+--+---+)491 4018 y(|)54 b(Node)f(|)491
4131 y(|)109 b(A)163 b(|)491 4244 y(+------+)956 4539
y Fm(Figure)24 b(1:)29 b(General)24 b(Limits)g(of)f(In-P)o(ath)h(Fire)n
(w)o(all)g(Signaling)0 5656 y Fl(H.)18 b(Tschofenig,)i(H.)e
(Schulzrinne,)h(C.)g(Aoun)750 b Fm(Expires)24 b(September)h(2003)751
b([P)o(age)23 b(4])p eop
%%Page: 5 5
5 4 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)0
399 y Fk(4)119 b(T)-9 b(rust)30 b(Relationships)0 606
y Fm(It)g(is)g(unusual)h(to)f(start)h(a)f(protocol)i(description)h
(with)d(trust)h(relationships)i(to)d(e)o(xplain)i(the)e(basic)h
(protocol)h(beha)n(vior)-5 b(.)0 718 y(A)30 b(protocol)i(for)f(\002re)n
(w)o(all)g(tra)n(v)o(ersal)h(is)f(some)n(what)g(dif)n(ferent)i(since)f
(trust)f(relationships)k(are)c(v)o(ery)g(important)h(for)f(the)0
831 y(protocol)24 b(design)g(and)f(N)m(A)-10 b(T)20 b(tra)n(v)o(ersal)k
(does)f(not)f(cause)h(problems)h(to)e(the)h(same)f(de)o(gree.)29
b(for)23 b(its)f(internal)i(mechanisms.)0 1081 y Fj(4.1)99
b(P)n(eer)l(-to-P)n(eer)27 b(T)-7 b(rust)25 b(Relationship)0
1255 y Fm(The)20 b(follo)n(wing)j(scenarios)g(can)e(be)g(considered)j
(as)c(the)i(simplest)g(since)f(peer)n(-to-peer)k(trust)c(relationship)k
(e)o(xist)c(between)0 1368 y(the)j(participating)k(entities.)33
b(These)24 b(trust)h(relationships)j(are)d(either)g(direct)h(or)e
(indirect)i(and)f(help)f(to)h(establish)h(security)0
1481 y(associations)34 b(dynamically)f(\(for)e(e)o(xample)g(between)g
(Host)f(A)g(and)g(the)h(local)g(middlebox)i(i.e.)48 b(Middlebox)33
b(1)d(within)0 1594 y(Netw)o(ork)22 b(A\))f(with)h(the)g(help)h(of)f
(an)g(authentication)k(and)c(k)o(e)o(y)g(e)o(xchange)i(protocol.)30
b(Authentication)c(and)c(authorization)0 1706 y(of)j(the)f(request)j
(to)d(the)h(middlebox)i(de)n(vice)f(is)e(thereby)j(required)g(for)d
(successful)k(protocol)f(completion.)34 b(Important)26
b(in)0 1819 y(this)k(conte)o(xt)g(is)f(the)g(trust)h(relationship)i
(between)e(the)g(tw)o(o)e(netw)o(orks)j(\(i.e.)45 b(between)30
b(Middlebox)h(1)e(and)g(Middlebox)0 1932 y(2\).)h(In)24
b(this)h(scenario)h(it)e(is)g(assumed)h(that)g(no)f(\002re)n(w)o(all)g
(is)g(present)h(within)g(the)f(core)h(netw)o(ork.)32
b(In)24 b(case)g(that)h(Middlebox)0 2045 y(requires)d(authentication)j
(of)20 b(the)g(Host)h(A)e(\(or)h(from)g(the)h(user)g(located)h(at)e
(Host)g(A\))f(then)i(an)f(\224Authentication)k(Required\224)2
2158 y(R)t Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)36 b Fm(message)31
b(with)f(an)h(error)g(code)g(is)e(returned)k(to)d(the)g(initiator)-5
b(.)51 b(In)30 b(case)h(of)f(a)g(sender)n(-initiated)35
b(signaling)0 2271 y(message)26 b(transmitted)i(by)d(Host)g(A)f(the)i
(requested)i(\002lter)d(entries)i(at)e(the)g(\002rst)g(middlebox)i(are)
f(already)h(installed)g(when)0 2384 y(the)d(request)h(at)e(the)h
(subsequent)j(middlebox)f(f)o(ails.)141 2497 y(Since)h(end)f(hosts)i
(usually)g(do)e(not)h(ha)n(v)o(e)g(\(and)g(should)h(not)f(ha)n(v)o(e\))
g(topology)i(information)f(of)f(the)f(netw)o(orks)i(along)0
2610 y(the)36 b(path)h(it)f(is)g(not)g(possible)i(to)e(transmit)h
(polic)o(y)g(rules)g(for)g(both)f(directions)j(\(if)d(data)h(traf)n
(\002c)f(later)h(\003o)n(ws)d(in)i(both)0 2723 y(directions\).)58
b(Hence)33 b(it)f(is)g(required)i(that)f(both)g(nodes)h(transmit)f
(separate)i(signaling)f(messages)g(for)f(each)g(direction)0
2836 y(containing)24 b(separate)g(polic)o(y)e(rules)g(for)g(each)g
(traf)n(\002c)f(\003o)n(w)f(\(if)h(the)h(data)g(traf)n(\002c)f(is)h
(later)g(sent)g(in)f(both)h(directions\).)31 b(These)0
2948 y(signaling)36 b(messages)f(are)f(transmitted)h(by)f(the)f(end)h
(hosts)h(and)f(the)o(y)f(do)h(not)g(need)g(to)f(tra)n(v)o(el)i(along)f
(the)g(same)f(path)0 3061 y(because)23 b(of)f(asymmetric)h(routes)g
(\(see)f([8)q(].)27 b(Therefore)c(the)f(signaling)i(message)f(which)f
(is)f(triggered)j(from)e(the)g(tw)o(o)f(end)0 3174 y(hosts)k(in)e(each)
h(direction)i(do)e(not)g(necessarily)i(need)f(to)e(install)i(state)g
(at)e(the)h(same)f(\002re)n(w)o(all.)141 3287 y(Polic)o(y)c(rule)g
(installation)k(is)18 b(based)i(on)f(the)g(information)i(transmitted)g
(with)e(the)g(\003o)n(w)f(identi\002er)i(object)g(at)f(the)g(CASP)0
3400 y(NTLP)27 b(layer)j(and)g(at)f(the)g(pack)o(et)i(\002lter)e
(object)i(at)e(the)g(N)m(A)-10 b(TFW)26 b(NSLP)h(layer)-5
b(.)47 b(The)29 b(content)i(of)e(both)h(objects)h(might)0
3513 y(change)j(mid-path)g(\(for)f(e)o(xample)g(when)g(passing)h(a)e(N)
m(A)-10 b(T\))31 b(and)i(is)f(allo)n(wed)h(to)f(change)i(mid-session)h
(\(for)e(e)o(xample)0 3626 y(because)i(of)e(mobility\).)58
b(F)o(or)32 b(those)j(cases)e(where)h(the)f(information)i(carried)g
(within)e(a)g(pack)o(et)h(\002lter)f(object)i(cannot)0
3739 y(be)28 b(interpreted)j(an)c(error)i(message)g(is)f(returned)i
(indicating)g(the)e(inadequate)j(information.)44 b(P)o(ack)o(et)28
b(\002lter)g(processing)0 3852 y(f)o(ailures)j(are)d(possible)j(when)e
(for)g(e)o(xample)h(a)e(V)-5 b(irtual)29 b(Pri)n(v)n(ate)g(Netw)o(ork)g
(Identi\002er)h(such)f(as)g(\(Extended\))i(T)l(unnel)e(ID)0
3965 y(is)36 b(transmitted)j(to)e(an)g(IP)e(\002re)n(w)o(all)h(or)h
(when)g(a)f(\002re)n(w)o(all)g(is)h(unable)h(to)e(install)j(a)d(pack)o
(et)i(\002lter)e(with)h(the)g(indicated)0 4078 y(granularity)-6
b(.)0 5656 y Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g(Aoun)750
b Fm(Expires)24 b(September)h(2003)751 b([P)o(age)23
b(5])p eop
%%Page: 6 6
6 5 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)55
1592 y Fe(+-------------)o(--)o(--)o(--)o(---)o(--)o(--)o(+)757
b(+---------------)o(--)o(--)o(--)o(---)o(--)o(+)55 1705
y(|)1417 b(|)763 b(|)1418 b(|)55 1818 y(|)763 b(Network)51
b(A)163 b(|)763 b(|)h(Network)51 b(B)163 b(|)55 1931
y(|)1417 b(|)763 b(|)1418 b(|)55 2044 y(|)872 b(+---------+)758
b(+---------+)868 b(|)55 2156 y(|)545 b(+-///-+)51 b(Middle-)g
(+---///////----)o(+)e(Middle-)i(+-///-+)542 b(|)55 2269
y(|)j(|)272 b(|)108 b(box)54 b(1)108 b(|)163 b(Trust)325
b(|)109 b(box)53 b(2)109 b(|)272 b(|)545 b(|)55 2382
y(|)g(|)272 b(+---------+)49 b(Relationship)g(+---------+)268
b(|)545 b(|)55 2495 y(|)g(|)817 b(|)763 b(|)818 b(|)545
b(|)55 2608 y(|)g(|)817 b(|)763 b(|)818 b(|)545 b(|)55
2721 y(|)g(|)817 b(|)763 b(|)818 b(|)545 b(|)55 2834
y(|)g(|)163 b(Trust)379 b(|)763 b(|)327 b(Trust)216 b(|)545
b(|)55 2947 y(|)g(|)54 b(Relationship)103 b(|)763 b(|)109
b(Relationship)49 b(|)545 b(|)55 3060 y(|)g(|)817 b(|)763
b(|)818 b(|)545 b(|)55 3173 y(|)g(|)817 b(|)763 b(|)818
b(|)545 b(|)55 3286 y(|)g(|)817 b(|)763 b(|)818 b(|)545
b(|)55 3398 y(|)381 b(+--+---+)596 b(|)763 b(|)655 b(+--+---+)323
b(|)55 3511 y(|)381 b(|)54 b(Host)f(|)599 b(|)763 b(|)655
b(|)54 b(Host)e(|)327 b(|)55 3624 y(|)381 b(|)109 b(A)163
b(|)599 b(|)763 b(|)655 b(|)108 b(B)163 b(|)327 b(|)55
3737 y(|)381 b(+------+)596 b(|)763 b(|)655 b(+------+)323
b(|)55 3850 y(+-------------)o(--)o(--)o(--)o(---)o(--)o(--)o(+)757
b(+---------------)o(--)o(--)o(--)o(---)o(--)o(+)1197
4146 y Fm(Figure)24 b(2:)29 b(Peer)n(-to-Peer)d(T)m(rust)d
(Relationship)0 5656 y Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)
g(Aoun)750 b Fm(Expires)24 b(September)h(2003)751 b([P)o(age)23
b(6])p eop
%%Page: 7 7
7 6 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)0
399 y Fj(4.2)99 b(Intra-domain)26 b(T)-7 b(rust)25 b(Relationship)0
573 y Fm(In)i(lar)n(ger)h(corporations)i(often)e(more)f(than)g(one)h
(\002re)n(w)o(all)e(is)h(used)g(to)g(protect)h(dif)n(ferent)h
(departments.)41 b(In)27 b(man)o(y)f(cases)0 686 y(the)j(entire)i
(enterprise)g(is)e(controlled)j(by)e(a)e(security)j(department)h(which)
d(gi)n(v)o(es)h(instructions)i(to)d(the)h(department)h(ad-)0
799 y(ministrators.)51 b(In)30 b(such)h(a)e(scenario)j(a)e(peer)n
(-to-peer)k(trust-relationship)h(might)30 b(be)g(pre)n(v)n(alent.)51
b(Sometimes)30 b(ho)n(we)n(v)o(er)0 912 y(it)e(might)g(be)g(necessary)j
(to)d(preserv)o(e)h(authentication)k(and)28 b(authorization)k
(information)f(within)d(the)g(netw)o(ork.)44 b(In)28
b(this)0 1024 y(case)f(an)g(interaction)i(between)f(the)f(indi)n
(vidual)i(middlebox)o(es)g(and)e(a)g(central)h(entity)g(\(for)f(e)o
(xample)g(a)f(polic)o(y)i(decision)0 1137 y(point)h(-)f(PDP\))f(might)i
(be)f(required.)45 b(Otherwise)29 b(it)f(is)h(possible)h(to)e
(communicate)j(the)d(authorization)33 b(decision)d(made)0
1250 y(at)e(one)h(\002re)n(w)o(all)f(to)h(another)h(\002re)n(w)o(all)e
(within)h(the)g(same)f(trust)i(domain.)44 b(Each)28 b(middlebox)j(can)e
(either)g(communicate)0 1363 y(with)20 b(the)h(PDP)d(or)i(the)h(PDP)d
(issues)k(an)e(authorization)k(tok)o(en)e(which)f(allo)n(ws)f(the)h
(middlebox)o(es)i(to)d(react)h(independently)-6 b(.)0
1476 y(Figure)28 b(3)f(refers)i(to)f(this)g(structure.)43
b(T)-7 b(o)26 b(a)n(v)n(oid)k(comple)o(x)e(protocol)i(interactions)h
(indi)n(vidual)f(middlebox)o(es)g(within)e(an)0 1589
y(administrati)n(v)o(e)j(domain)f(should)g(mak)o(e)e(use)h(of)g(their)g
(trust)g(relationship)j(instead)e(of)f(requesting)i(authentication)i
(and)0 1702 y(authorization)38 b(of)c(the)g(signaling)j(initiator)f
(again.)61 b(This)33 b(pro)o(vides)j(both)f(a)f(performance)i(impro)o
(v)o(ement)g(without)f(a)0 1815 y(security)26 b(disadv)n(antage)h
(since)d(a)f(single)i(administrati)n(v)o(e)h(domain)f(can)f(be)f(seen)i
(as)e(a)g(single)i(entity)-6 b(.)55 1977 y Fe(+-------------)o(--)o(--)
o(--)o(---)o(--)o(--)o(--)o(--)o(---)o(--)o(--)o(--)o(--)o(---)o(--)o
(--)o(--)o(--)o(---)o(--)o(--)o(--)o(--)o(+)55 2090 y(|)3435
b(|)55 2203 y(|)2781 b(Network)51 b(A)163 b(|)55 2316
y(|)3435 b(|)55 2429 y(|)g(|)55 2541 y(|)1417 b(+---------+)868
b(+---------+)55 2654 y(|)545 b(+----///------)o(--)o(+)48
b(Middle-)k(+------///----)o(--)o(++)c(Middle-)j(+---)55
2767 y(|)545 b(|)817 b(|)109 b(box)53 b(2)109 b(|)872
b(|)109 b(box)53 b(2)108 b(|)55 2880 y(|)545 b(|)817
b(+----+----+)868 b(+----+----+)55 2993 y(|)545 b(|)1090
b(|)1418 b(|)217 b(|)55 3106 y(|)272 b(+----+----+)813
b(|)1418 b(|)217 b(|)55 3219 y(|)272 b(|)54 b(Middle-)d(+--------+)323
b(+---------+)868 b(|)217 b(|)55 3332 y(|)272 b(|)108
b(box)54 b(1)108 b(|)436 b(|)872 b(|)h(|)217 b(|)55 3445
y(|)272 b(+----+----+)431 b(|)872 b(|)h(|)217 b(|)55
3558 y(|)545 b(|)708 b(|)872 b(|)h(|)217 b(|)55 3671
y(|)545 b(-)708 b(|)872 b(|)h(|)217 b(|)55 3783 y(|)545
b(-)708 b(|)600 b(+----+-----+)540 b(|)217 b(|)55 3896
y(|)545 b(|)708 b(|)600 b(|)54 b(Policy)161 b(|)545 b(|)217
b(|)55 4009 y(|)381 b(+--+---+)487 b(+-----------+)49
b(Decision)i(+----------+)212 b(|)55 4122 y(|)381 b(|)54
b(Host)f(|)1145 b(|)54 b(Point)216 b(|)817 b(|)55 4235
y(|)381 b(|)109 b(A)163 b(|)1145 b(+----------+)812 b(|)55
4348 y(|)381 b(+------+)2614 b(|)55 4461 y(+-------------)o(--)o(--)o
(--)o(---)o(--)o(--)o(--)o(--)o(---)o(--)o(--)o(--)o(--)o(---)o(--)o
(--)o(--)o(--)o(---)o(--)o(--)o(--)o(--)o(+)1186 4756
y Fm(Figure)24 b(3:)29 b(Intra-domain)e(T)m(rust)c(Relationship)0
5656 y Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g(Aoun)750
b Fm(Expires)24 b(September)h(2003)751 b([P)o(age)23
b(7])p eop
%%Page: 8 8
8 7 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)0
399 y Fj(4.3)99 b(Requir)n(ed)27 b(End-to-Middle)g(T)-7
b(rust)25 b(Relationship)0 573 y Fm(In)37 b(some)g(scenarios)i(a)d
(simple)i(peer)n(-to-peer)i(trust)e(relationship)i(between)e
(participating)i(nodes)e(is)f(not)g(suf)n(\002cient.)0
686 y(Netw)o(ork)h(B)d(might)j(require)h(some)e(authentication)k(of)c
(the)h(signaling)i(message)e(initiator)-5 b(.)71 b(If)37
b(authentication)42 b(and)0 799 y(authorization)25 b(information)e(is)e
(not)g(attached)i(to)e(the)g(initial)i(signaling)g(message)f(then)g
(the)f(signaling)i(message)f(arri)n(ving)0 912 y(at)c(Middlebox)j(2)d
(w)o(ould)h(cause)h(a)g(R)t Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)k
Fm(message)c(with)e(an)h(error)g(code)g(\224Authentication)k
(Required\224)d(is)e(returned.)0 1024 y(Ho)n(we)n(v)o(er)l(,)40
b(in)c(man)o(y)h(cases)h(the)f(user)h(initiating)h(the)e(signaling)i
(message)f(e)o(xchange)h(is)e(already)i(a)o(w)o(are)d(of)h(such)h(a)0
1137 y(constraint)33 b(and)e(recei)n(v)o(ed)h(credentials)h(before)f
(the)f(message)h(e)o(xchange)g(w)o(as)e(started.)51 b(These)31
b(credentials)i(might)e(be)0 1250 y(based)g(either)f(on)g(symmetric)g
(\(shared)i(secret\))f(or)e(based)i(on)e(asymmetric)i(\(public)g(k)o(e)
o(y\))f(cryptography)-6 b(.)50 b(In)30 b(order)g(to)0
1363 y(a)n(v)n(oid)g(a)e(challenge/response)34 b(type)29
b(of)f(message)h(e)o(xchange)h(the)f(initiating)i(node)e(\(Host)f(A)f
(in)h(our)h(scenario\))h(already)0 1476 y(includes)35
b(a)e(CMS)e(object)j(to)f(the)g(outgoing)j(signaling)f(message.)59
b(The)32 b(CMS)f(object)k(contains)g(the)e(identity)i(of)e(the)0
1589 y(signaling)f(initiator)l(,)h(the)d(identity)h(of)f(the)f
(destination)k(netw)o(ork,)f(the)e(destination)i(address)f(of)f(Host)f
(B,)f(a)h(timestamp)0 1702 y(for)24 b(replay)i(protection)h(and)d
(possibly)j(some)d(other)h(application)i(speci\002c)e(information)i
(lik)o(e)e(an)f(application)j(identi\002er)-5 b(.)0 1815
y(CMS)22 b(allo)n(ws)i(to)f(use)h(both)g(symmetric)h(and)f(asymmetric)h
(credentials.)141 1928 y(Figure)f(4)f(sho)n(ws)h(the)g(slightly)h(more)
f(comple)o(x)g(trust)h(relationships)i(in)d(this)g(scenario.)55
2090 y Fe(+-------------)o(--)o(--)o(--)o(---)o(--)o(--)o(+)757
b(+---------------)o(--)o(--)o(--)o(---)o(--)o(+)55 2203
y(|)1417 b(|)763 b(|)1418 b(|)55 2316 y(|)763 b(Network)51
b(A)163 b(|)763 b(|)h(Network)51 b(B)163 b(|)55 2429
y(|)1417 b(|)763 b(|)1418 b(|)55 2541 y(|)f(|)54 b(Trust)434
b(|)1418 b(|)55 2654 y(|)f(|)54 b(Relationship)49 b(|)1418
b(|)55 2767 y(|)872 b(+---------+)758 b(+---------+)868
b(|)55 2880 y(|)545 b(+-///-+)51 b(Middle-)g(+---///////----)o(+)e
(Middle-)i(+-///-+)542 b(|)55 2993 y(|)j(|)272 b(|)108
b(box)54 b(1)108 b(|)327 b(+-------+)105 b(box)53 b(2)109
b(|)272 b(|)545 b(|)55 3106 y(|)g(|)272 b(+---------+)322
b(|)381 b(+---------+)268 b(|)545 b(|)55 3219 y(|)g(|)817
b(|)327 b(|)381 b(|)818 b(|)545 b(|)55 3332 y(|)g(|Trust)d(|)327
b(|)381 b(|)818 b(|)545 b(|)55 3445 y(|)g(|Relationship)157
b(|)327 b(|)381 b(|)818 b(|)545 b(|)55 3558 y(|)g(|)817
b(|)327 b(|)381 b(|)164 b(Trust)379 b(|)545 b(|)55 3671
y(|)g(|)817 b(|)327 b(|)381 b(|)164 b(Relationship|)539
b(|)55 3783 y(|)545 b(|)817 b(|)327 b(|)381 b(|)818 b(|)545
b(|)55 3896 y(|)g(|)817 b(|)327 b(|)381 b(|)818 b(|)545
b(|)55 4009 y(|)g(|)817 b(|)327 b(|)381 b(|)818 b(|)545
b(|)55 4122 y(|)g(|)817 b(|)327 b(|)381 b(|)818 b(|)545
b(|)55 4235 y(|)381 b(+--+---+)596 b(|)327 b(|)381 b(|)655
b(+--+---+)323 b(|)55 4348 y(|)381 b(|)54 b(Host)f(+----///----+-)o(--)
o(---)o(+)375 b(|)655 b(|)54 b(Host)e(|)327 b(|)55 4461
y(|)381 b(|)109 b(A)163 b(|)599 b(|Trust)488 b(|)655
b(|)108 b(B)163 b(|)327 b(|)55 4574 y(|)381 b(+------+)596
b(|Relationship)103 b(|)655 b(+------+)323 b(|)55 4687
y(+-------------)o(--)o(--)o(--)o(---)o(--)o(--)o(+)757
b(+---------------)o(--)o(--)o(--)o(---)o(--)o(+)1153
4982 y Fm(Figure)25 b(4:)j(End-to-Middle)e(T)m(rust)e(Relationship)0
5656 y Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g(Aoun)750
b Fm(Expires)24 b(September)h(2003)751 b([P)o(age)23
b(8])p eop
%%Page: 9 9
9 8 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)0
399 y Fj(4.4)99 b(Missing)24 b(Netw)o(ork-to-Netw)o(ork)j(T)-7
b(rust)25 b(Relationship)0 573 y Fm(Peer)n(-to-peer)37
b(trust)e(relationship)i(as)d(sho)n(wn)g(in)g(Figure)h(2)f(is)g(a)f(v)o
(ery)i(con)l(v)o(enient)i(assumption)f(that)f(allo)n(ws)f(simpli-)0
686 y(\002ed)c(signaling)j(message)f(processing.)52 b(Ho)n(we)n(v)o(er)
30 b(it)h(is)f(ob)o(vious)i(that)f(such)h(an)e(assumption)j(does)e(not)
g(al)o(w)o(ays)h(hold.)0 799 y(Especially)d(the)f(trust)g(relationship)
j(between)e(tw)o(o)e(arbitrary)i(non-adjacent)i(access)e(netw)o(orks)g
(is)e(lik)o(ely)i(non-e)o(xistent)0 912 y(because)36
b(of)d(the)h(lar)n(ge)h(number)g(of)e(netw)o(orks)j(and)e(the)g
(unwillingness)j(of)c(administrators)k(to)d(ha)n(v)o(e)g(other)h(netw)o
(ork)0 1024 y(operators)26 b(to)d(create)h(holes)h(in)e(their)h(\002re)
n(w)o(alls)g(without)g(proper)h(authorization.)32 b(Hence)24
b(in)f(the)h(follo)n(wing)h(scenario)g(we)0 1137 y(assume)d(a)f(some)n
(what)g(dif)n(ferent)i(message)f(processing)j(and)c(sho)n(w)g(three)h
(possible)h(approaches)i(to)c(tackle)h(the)f(problem.)0
1250 y(None)j(of)f(these)i(three)f(approaches)j(is)c(without)i(dra)o
(wbacks)g(or)e(constraining)k(assumptions.)55 1412 y
Fe(+-------------)o(--)o(--)o(--)o(---)o(--)o(--)o(+)757
b(+---------------)o(--)o(--)o(--)o(---)o(--)o(+)55 1525
y(|)1417 b(|)763 b(|)1418 b(|)55 1638 y(|)763 b(Network)51
b(A)163 b(|)763 b(|)h(Network)51 b(B)163 b(|)55 1751
y(|)1417 b(|)763 b(|)1418 b(|)55 1864 y(|)872 b(+---------+)158
b(Missing)215 b(+---------+)868 b(|)55 1977 y(|)545 b(+-///-+)51
b(Middle-)g(|)218 b(Trust)270 b(|)55 b(Middle-)c(+-///-+)542
b(|)55 2090 y(|)j(|)272 b(|)108 b(box)54 b(1)108 b(|)163
b(Relation-)105 b(|)k(box)53 b(2)109 b(|)272 b(|)545
b(|)55 2203 y(|)g(|)272 b(+---------+)c(ship)i(+---------+)e(|)545
b(|)55 2316 y(|)g(|)817 b(|)763 b(|)818 b(|)545 b(|)55
2429 y(|)g(|)817 b(|)763 b(|)818 b(|)545 b(|)55 2541
y(|)g(|)817 b(|)763 b(|)818 b(|)545 b(|)55 2654 y(|)g(|)163
b(Trust)379 b(|)763 b(|)327 b(Trust)216 b(|)545 b(|)55
2767 y(|)g(|)54 b(Relationship)103 b(|)763 b(|)109 b(Relationship)49
b(|)545 b(|)55 2880 y(|)g(|)817 b(|)763 b(|)818 b(|)545
b(|)55 2993 y(|)g(|)817 b(|)763 b(|)818 b(|)545 b(|)55
3106 y(|)g(|)817 b(|)763 b(|)818 b(|)545 b(|)55 3219
y(|)381 b(+--+---+)596 b(|)763 b(|)655 b(+--+---+)323
b(|)55 3332 y(|)381 b(|)54 b(Host)f(|)599 b(|)763 b(|)655
b(|)54 b(Host)e(|)327 b(|)55 3445 y(|)381 b(|)109 b(A)163
b(|)599 b(|)763 b(|)655 b(|)108 b(B)163 b(|)327 b(|)55
3558 y(|)381 b(+------+)596 b(|)763 b(|)655 b(+------+)323
b(|)55 3671 y(+-------------)o(--)o(--)o(--)o(---)o(--)o(--)o(+)757
b(+---------------)o(--)o(--)o(--)o(---)o(--)o(+)883
3966 y Fm(Figure)24 b(5:)29 b(Missing)c(Netw)o(ork-to-Netw)o(ork)h(T)m
(rust)d(Relationship)0 5656 y Fl(H.)18 b(Tschofenig,)i(H.)e
(Schulzrinne,)h(C.)g(Aoun)750 b Fm(Expires)24 b(September)h(2003)751
b([P)o(age)23 b(9])p eop
%%Page: 10 10
10 9 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)141
399 y(W)-7 b(e)23 b(identi\002ed)i(three)f(possible)i(approaches)h(of)c
(tackling)j(the)e(problem)g(described)i(in)e(Figure)g(5.)0
586 y Ff(Recei)o(v)o(er)m(-Initiated)i(Signaling:)75
b Fm(The)18 b(\002rst)f(approach)k(mak)o(es)e(use)f(of)g(recei)n(v)o
(er)n(-based)k(signaling)e(message)g(e)o(xchange.)227
699 y(If)k(Host)f(A)g(sends)i(a)e(signaling)j(message)f(to)n(w)o(ard)f
(the)g(destination)j(to)c(Middlebox)j(1)e(the)g(message)g(can)g(be)g
(prop-)227 812 y(erly)33 b(protected.)59 b(Middlebox)34
b(1)f(establishes)i(some)e(state)g(information)i(and)e(e)o(xpects)h(an)
f(incoming)h(message)227 925 y(initiated)d(by)e(Host)f(B.)f(Signaling)k
(message)e(protection)j(between)d(the)g(tw)o(o)g(netw)o(orks)h(is)e
(dif)n(\002cult.)45 b(A)27 b(missing)227 1038 y(trust)35
b(relationship)i(does)e(not)g(necessarily)i(mean)d(that)g(no)g
(security)i(association)h(establishment)g(is)d(possible.)227
1151 y(The)28 b(lacking)i(trust)f(\224only\224)g(disallo)n(ws)h
(Middlebox)g(1)d(to)h(create)i(pack)o(et)f(\002lters)f(at)g(Middlebox)j
(2.)41 b(Hence,)30 b(this)227 1264 y(missing)c(trust)f(is)f(an)g
(authorization)k(problem)e(rather)f(than)g(a)f(security)i(association)i
(establishment)f(problem.)32 b(If)227 1377 y(the)26 b(CASP)d(message)k
(itself)f(is)f(allo)n(wed)i(to)e(pass)h(the)g(\002re)n(w)o(all)f(then)h
(it)f(\002nally)h(reaches)i(Host)d(B.)f(Host)h(B)g(should)227
1489 y(not)32 b(e)o(xperience)i(an)o(y)e(dif)n(\002culties)h(to)f
(install)h(\002lters)e(at)h(the)f(local)i(\002re)n(w)o(all)e
(\(Middlebox)j(2\).)53 b(The)31 b(message)h(is)227 1602
y(then)27 b(forw)o(arded)i(to)d(Middlebox)j(1)d(which)g(already)j(w)o
(aits)d(for)h(the)f(incoming)i(signaling)h(message.)39
b(Because)27 b(it)227 1715 y(is)g(possible)i(to)d(associate)j(e)o
(xisting)g(state)e(information)i(at)e(Middlebox)i(1)d(with)h(the)f
(incoming)j(message)f(pack)o(et)227 1828 y(\002lters)33
b(are)g(installed)j(and)d(the)g(message)h(is)f(\002nally)g(forw)o
(arded)i(to)e(Host)f(A.)g(Authorization)k(for)d(pack)o(et)h(\002lter)
227 1941 y(installation)h(in)c(Netw)o(ork)h(A)e(has)i(to)g(be)f(pro)o
(vided)i(by)f(Host)f(A)g(and)g(for)h(Netw)o(ork)g(B)e(has)i(to)f(be)h
(pro)o(vided)h(by)227 2054 y(Host)26 b(B)e(when)h(returning)j(the)e
(response)h(message.)35 b(pack)o(et)27 b(\002lters)f(are)f(installed)j
(for)e(data)g(traf)n(\002c)f(from)g(Host)g(A)227 2167
y(to)k(Host)f(B.)f(The)h(same)g(procedure)j(has)e(to)f(be)h(applied)h
(again)f(to)f(signal)i(information)h(for)e(the)f(other)i(direction)227
2280 y(\(Host)24 b(B)e(to)i(Host)f(A\).)227 2430 y(The)g(follo)n(wing)i
(beha)n(vior)h(has)e(to)g(be)f(assumed)i(in)f(order)g(for)g(this)g
(approach)i(to)d(be)h(applicable:)336 2605 y Fc(\017)46
b Fm(Signaling)22 b(messages)f(must)e(be)h(allo)n(wed)g(to)f(pass)i
(\002re)n(w)o(alls)e(along)i(the)f(path.)28 b(No)19 b(authorization)k
(for)d(pack)o(et)427 2718 y(\002lter)j(installation)j(is)c(required)j
(at)d(this)h(stage.)30 b(Blocking)24 b(signaling)h(messages)f(at)e
(\002re)n(w)o(alls)h(disallo)n(ws)h(the)427 2831 y(recei)n(v)o(er)h(of)
f(the)f(signaling)j(message)f(to)f(return)g(a)g(signaling)i(message.)
336 2977 y Fc(\017)46 b Fm(The)21 b(signaling)i(message)f(initiated)h
(by)e(the)h(NI)e(will)g(require)j(state)e(installation)k(on)c(all)g
(the)g(NFs)e(in)i(the)g(path)427 3090 y(\(if)j(a)f(RSVP)e(P)-8
b(A)e(TH)21 b(message)j(semantic)h(is)f(assumed\).)30
b(CASP)21 b(NTLP)-10 b(,)21 b(ho)n(we)n(v)o(er)l(,)j(also)g(allo)n(ws)g
(a)f(stateless)427 3203 y(signaling)j(message)f(routing.)227
3416 y(This)f(approach)i(suf)n(fers)e(from)g(the)g(follo)n(wing)h(dra)o
(wbacks:)336 3566 y Fc(\017)46 b Fm(If)28 b(the)h(CASP)c(signaling)31
b(messages)f(\(in)e(this)h(case)g(the)f(\224P)-8 b(A)e(TH\224)26
b(message\))k(is)e(not)h(allo)n(wed)g(to)f(bypass)i(a)427
3679 y(\002re)n(w)o(all)24 b(then)g(no)f(polic)o(y)i(rules)g(are)e
(created)i(at)f(an)o(y)f(node)i(along)g(the)e(path.)336
3825 y Fc(\017)46 b Fm(Recei)n(v)o(er)n(-initiated)30
b(signaling)e(has)d(the)h(adv)n(antage)i(that)e(the)f(recei)n(v)o(er)i
(has)f(to)f(accept)i(the)e(creation)j(of)d(the)427 3938
y(polic)o(y)31 b(rule)f(in)g(his)g(o)n(wn)f(netw)o(ork)i(to)e(trigger)j
(the)e(creation)h(locally)-6 b(.)49 b(This)30 b(seems)g(to)f(simplify)i
(security)427 4051 y(processing.)48 b(If)29 b(a)f(N)m(A)-10
b(T)27 b(is)i(present)h(then)g(still)g(a)g(R)t Fd(E)t(S)t(P)t(O)t(N)t
(S)t(E)35 b Fm(message)30 b(is)f(required)i(to)e(inform)g(the)h(data)
427 4164 y(message)22 b(sender)h(about)f(the)f(N)m(A)-10
b(T)i(-binding)21 b(\(i.e.)28 b(the)21 b(IP)f(addresses)j(and)f(port)f
(information)j(seen)d(by)g(a)g(data)427 4276 y(traf)n(\002c)j(recei)n
(v)o(er\).)0 4464 y Ff(Access)g(Netw)o(ork-Only)g(Signaling)f(Message)i
(Exchange)46 b Fm(The)27 b(ne)o(xt)h(approach)h(is)e(based)i(on)e
(signaling)j(pack)o(et)f(\002l-)227 4577 y(ter)35 b(information)i(by)e
(both)g(hosts)h(into)f(the)g(local)h(access)g(netw)o(ork)f(only)-6
b(.)63 b(CASP)32 b(allo)n(ws)j(to)g(specify)h(such)g(a)227
4690 y(beha)n(vior)f(by)e(indicating)i(the)e(signaling)i(endpoint)f
(with)f(the)f(help)i(of)e(scoping)i(\()e(for)h(e)o(xample)g(with)f
(domain)227 4803 y(name)26 b(or)g(a)f(\224local)i(netw)o(ork)g
(only\224)g(\003ag\).)35 b(Scoping)27 b(means)f(that)g(the)g(signaling)
j(message)d(although)j(addressed)227 4916 y(to)e(a)g(particular)i
(destination)i(IP)26 b(address)j(terminates)g(some)n(where)f(along)g
(the)f(path.)40 b(If)27 b(pack)o(et)i(\002lters)e(for)g(both)227
5029 y(directions)f(ha)n(v)o(e)e(to)f(be)g(installed)i(then)f(the)f
(signaling)i(messages)g(ha)n(v)o(e)f(to)f(mak)o(e)g(pack)o(et)h
(\002lter)f(installations)k(up-)227 5142 y(and)22 b(do)n(wnstream)h
(along)f(the)g(data)g(path.)28 b(Similar)21 b(to)h(proposals)i(in)d
(the)g(area)h(of)f(QoS)f(signaling)k(some)e(problems)227
5254 y(are)30 b(lik)o(ely)g(to)f(occur)-5 b(.)47 b(One)29
b(such)h(problem)g(is)f(that)h(do)n(wnstream)g(signaling)i(in)d
(general)i(causes)f(problems)h(be-)227 5367 y(cause)22
b(of)f(asymmetric)i(routes.)29 b(In)21 b(particular)i(it)e(is)g(dif)n
(\002cult)h(to)f(determine)h(the)g(\002re)n(w)o(all)e(where)i(the)f(do)
n(wnstream)0 5656 y Fl(H.)d(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g
(Aoun)727 b Fm(Expires)25 b(September)f(2003)728 b([P)o(age)24
b(10])p eop
%%Page: 11 11
11 10 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)227
399 y(data)29 b(traf)n(\002c)f(will)f(enter)i(a)e(netw)o(ork.)43
b(The)27 b(problem)i(of)f(triggering)j(do)n(wnstream)e(reserv)n(ations)
i(is)c(for)h(e)o(xample)227 511 y(described)i(in)d([9].)39
b(Another)28 b(problem)g(for)f(e)o(xample)h(is)f(the)g(placement)i(of)d
(a)h(\002re)n(w)o(all)g(or)f(N)m(A)-10 b(T)25 b(along)j(the)f(path)227
624 y(other)e(than)f(in)g(the)f(access)i(netw)o(ork.)30
b(This)24 b(w)o(ould)g(pre)n(v)o(ent)g(a)f(successful)k(data)d(e)o
(xchange.)227 774 y(The)f(follo)n(wing)i(beha)n(vior)h(has)e(to)g(be)f
(assumed)i(in)f(order)g(for)g(this)g(approach)i(to)d(be)h(applicable:)
336 947 y Fc(\017)46 b Fm(It)22 b(must)f(be)h(possible)h(to)f(trigger)h
(a)e(signaling)j(message)f(e)o(xchange)g(for)f(a)f(do)n(wnstream)i
(signaling)h(message)427 1060 y(e)o(xchange)i(at)d(the)h(\002re)n(w)o
(all)f(where)h(the)g(data)g(traf)n(\002c)g(enters)h(the)e(netw)o(ork.)
336 1205 y Fc(\017)46 b Fm(No)23 b(other)i(\002re)n(w)o(alls)e(or)h(N)m
(A)-10 b(Ts)21 b(are)j(present)h(along)g(the)f(path)g(other)h(than)f
(in)f(the)h(access)h(netw)o(ork.)227 1415 y(This)f(approach)i(suf)n
(fers)e(from)g(the)g(follo)n(wing)h(dra)o(wbacks:)336
1565 y Fc(\017)46 b Fm(T)-7 b(o)34 b(signal)j(polic)o(y)f(rules)g(only)
f(within)h(the)f(access)i(netw)o(ork)f(\(by)f(both)h(end-points\))i
(has)e(a)e(number)i(of)427 1677 y(disadv)n(antage)g(and)d(challenges)i
(\(see)e(for)g(e)o(xample)g([9)q(]\).)55 b(The)31 b(comple)o(x)j
(message)f(processing)j(caused)427 1790 y(by)28 b(this)h(approach)h
(strongly)h(ar)n(gues)e(against)h(it)d(although)k(it)c(might)i(sound)g
(simple)g(\(and)g(e)n(v)o(en)f(might)g(be)427 1903 y(simple)e(in)e
(restricted)j(en)l(vironments\).)36 b(Section)26 b(10)f(addresses)i
(message)f(\003o)n(ws)e(for)g(this)i(case.)33 b(Although)427
2016 y(its)24 b(usage)h(is)e(possible)j(with)d(CASP)e(we)i(strongly)j
(discourage)g(its)e(usage.)336 2161 y Fc(\017)46 b Fm(Some)23
b(circumstances)k(can)d(lead)g(to)f(inef)n(fecti)n(v)o(e)j(polic)o(y)f
(rules.)0 2347 y Ff(A)-5 b(uthorization)25 b(T)-8 b(ok)o(ens:)73
b Fm(The)34 b(last)h(approach)i(is)d(based)i(on)f(some)f(e)o(xchanged)k
(authorization)g(tok)o(ens)e(which)f(are)227 2460 y(created)21
b(by)f(an)f(authorized)k(entity)d(\(such)h(as)e(the)h(PDP\))e(in)h
(each)h(access)h(netw)o(ork.)28 b(Both)20 b(hosts)g(need)h(to)e(e)o
(xchange)227 2573 y(these)31 b(tok)o(ens)g(with)f(some)f(protocols)k
(such)d(as)g(SIP)e(or)h(HTTP)f(which)i(is)f(more)h(lik)o(ely)h(allo)n
(wed)f(to)g(bypass)h(the)227 2685 y(\002re)n(w)o(all.)55
b(Host)32 b(A)f(w)o(ould)i(then)g(include)h(the)e(recei)n(v)o(ed)i
(authorization)i(tok)o(en)d(to)f(the)h(signaling)i(message)e(for)227
2798 y(Netw)o(ork)20 b(B.)d(When)j(the)f(signaling)i(message)g(arri)n
(v)o(es)f(at)e(Middlebox)k(2)c(then)i(the)f(tok)o(en)i(is)e(v)o
(eri\002ed)g(by)g(the)h(tok)o(en-)227 2911 y(creating)33
b(entity)-6 b(.)51 b(In)31 b(order)h(to)e(pre)n(v)o(ent)i(parties)g
(from)f(reusing)h(the)f(tok)o(en)h(timestamps)g(\(e.g.)51
b(tok)o(en)31 b(creation,)227 3024 y(tok)o(en)d(lifetime,)g(etc.\))38
b(ha)n(v)o(e)27 b(to)f(be)h(included.)40 b(Adding)27
b(IP)e(address)k(information)g(about)e(Host)g(A)e(w)o(ould)i(create)227
3137 y(dif)n(\002culties)f(in)d(relationship)k(with)c(N)m(A)-10
b(Ts.)227 3287 y(Information)29 b(about)e(Host)f(B)f(might)i(be)f
(possible)i(to)f(include)h(in)e(order)h(to)f(limit)g(attacks)i(where)e
(a)g(tok)o(en)i(is)e(lost)227 3399 y(and)k(reused)h(by)e(a)f(dif)n
(ferent)k(host)d(for)h(a)f(dif)n(ferent)i(purpose.)47
b(The)29 b(goal)h(is)f(to)g(restrict)i(the)e(usage)h(of)f(the)h(tok)o
(en)227 3512 y(for)k(a)f(speci\002c)i(session.)61 b(The)33
b(content)j(of)d(the)h(tok)o(en)h(only)g(needs)g(to)e(be)h(v)o
(eri\002ed)g(by)g(the)g(originator)i(of)e(the)227 3625
y(tok)o(en)26 b(since)g(it)f(only)h(has)f(to)g(be)f(v)o(eri\002ed)i
(locally)-6 b(.)34 b(Since)25 b(authorization)k(needs)d(to)f(be)g(link)
o(ed)h(to)f(the)g(authorized)227 3738 y(actions)j(which)e(ha)n(v)o(e)h
(to)f(be)g(performed)h(on)f(the)h(pack)o(ets)h(matching)f(the)f(pack)o
(et)i(\002lter)l(,)e(the)g(tok)o(en)i(may)d(include)227
3851 y(the)f(associated)i(action)f(or)f(a)f(reference)j(to)d(it.)227
4001 y(The)g(follo)n(wing)i(beha)n(vior)h(has)e(to)g(be)f(assumed)i(in)
f(order)g(for)g(this)g(approach)i(to)d(be)h(applicable:)336
4174 y Fc(\017)46 b Fm(The)27 b(e)o(xchange)j(of)d(authorization)32
b(tok)o(ens)d(between)f(end-systems)i(must)e(be)f(possible.)43
b(These)28 b(protocols)427 4287 y(must)c(be)f(allo)n(wed)i(to)e(pass)h
(the)g(\002re)n(w)o(alls.)336 4432 y Fc(\017)46 b Fm(An)28
b(end-system)j(must)d(be)h(able)g(to)g(request)h(such)f(an)g
(authorization)j(tok)o(en)e(at)f(some)f(entity)i(in)e(the)h(local)427
4545 y(netw)o(ork.)336 4689 y Fc(\017)46 b Fm(The)27
b(hosts)i(need)f(to)f(ha)n(v)o(e)h(each)g(other')-5 b(s)29
b(addresses,)h(which)e(is)f(complicated)j(to)d(ha)n(v)o(e)h(if)f(there)
i(are)e(N)m(A)-10 b(Ts)427 4802 y(deplo)o(yed)26 b(on)e(the)g(path)g
(\(especially)j(with)c(double)i(N)m(A)-10 b(T\).)227
5012 y(This)24 b(approach)i(suf)n(fers)e(from)g(the)g(follo)n(wing)h
(dra)o(wback:)336 5162 y Fc(\017)46 b Fm(An)33 b(additional)k(protocol)
f(is)d(required)j(for)e(an)g(end)g(host)h(to)e(request)j(an)e
(authorization)j(tok)o(en)e(from)f(an)427 5275 y(entity)h(in)e(the)g
(local)i(netw)o(ork)f(as)f(depicted)j(in)d(Section)h(10.)58
b(Note)33 b(that)h(CASP)c(could)35 b(be)e(e)o(xtended)i(to)427
5388 y(pro)o(vide)25 b(this)f(functionality)k(b)n(ut)c(currently)i(it)d
(does)h(not.)0 5656 y Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g
(Aoun)727 b Fm(Expires)25 b(September)f(2003)728 b([P)o(age)24
b(11])p eop
%%Page: 12 12
12 11 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)0
399 y Fj(4.5)99 b(Off-P)o(ath)25 b(Signaling)0 573 y
Fm(The)19 b(separation)k(between)d(signaling)i(message)f(deli)n(v)o
(ery)g(and)f(disco)o(v)o(ery)i(within)e(at)f(the)h(CASP)d(NTLP)g
(protocol)22 b(allo)n(ws)0 686 y(it)f(to)h(support)h(in-path)h(and)e
(of)n(f-path)h(signaling)i(easily)d(with)g(the)g(same)g(protocol.)30
b(Throughout)24 b(this)e(document)h(in-path)0 799 y(signaling)g(w)o(as)
e(assumed)h(\(the)g(Scout)f(protocol)i(is)e(used)g(per)n(-def)o(ault)k
(for)c(ne)o(xt)g(peer)g(disco)o(v)o(ery\))j(b)n(ut)d(of)n(f-path)i
(signaling)0 912 y(might)g(be)h(desired)g(in)f(some)h(scenarios)h
(where)e(a)g(third-party)j(entity)f(w)o(ants)e(to)g(signal)h(some)g
(polic)o(y)g(rules)g(to)f(a)f(\002re)n(w)o(all)0 1024
y(and)33 b(N)m(A)-10 b(Ts.)53 b(This)33 b(mechanism)g(has)g(disadv)n
(antages)j(in)d(lar)n(ger)h(netw)o(orks)g(with)e(multiple)i(\002re)n(w)
o(alls)e(since)i(topology)0 1137 y(information)26 b(is)d(required)j(in)
d(order)i(to)e(install)i(polic)o(y)g(rules)g(on)e(the)h(tra)n(v)o
(ersed)i(\002re)n(w)o(alls)d(and)h(N)m(A)-10 b(Ts.)0
1430 y Fk(5)119 b(Assumptions)0 1637 y Fm(Based)24 b(on)g(the)f(abo)o
(v)o(e-described)28 b(trust)c(relationships)k(the)c(follo)n(wing)h
(protocol)g(assumptions)i(ha)n(v)o(e)d(to)f(be)h(made.)136
1849 y Fc(\017)46 b Fm(Middlebox)o(es)27 b(along)e(the)g(path)g(are)f
(CASP-a)o(w)o(are.)29 b(If)24 b(a)g(middlebox)i(is)e(not)g(CASP-a)o(w)o
(are)f(then)i(protocol)h(func-)227 1962 y(tionality)32
b(cannot)e(be)f(fully)h(guaranteed)i(\(especially)g(if)d(the)h
(middlebox)h(cannot)f(be)f(controlled)j(with)d(the)g(help)227
2075 y(of)c(some)f(protocol)j(at)d(all\).)31 b(The)24
b(CASP-N)m(A)-10 b(TFW)20 b(NSLP)i(protocol)27 b(can)d(operate)j(with)d
(limitations)i(if)e(a)g(CASP-)227 2188 y(una)o(w)o(are)k(\002re)n(w)o
(all)f(blocks)i(all)f(CASP)d(signaling)30 b(traf)n(\002c.)40
b(T)-7 b(o)26 b(support)j(CASP-una)o(w)o(are)e(N)m(A)-10
b(Ts)25 b(along)k(the)e(path)227 2301 y(some)e(information)j(needs)e
(to)e(be)h(added)h(to)f(a)f(CASP-N)m(A)-10 b(TFW)21 b(message)26
b(to)f(allo)n(w)g(the)g(signaling)i(message)f(re-)227
2414 y(cei)n(ving)d(entity)g(to)e(v)o(erify)h(that)g(the)f(source)i(ip)
e(address)i(\(and)f(port)g(numbers\))h(ha)n(v)o(e)f(changed.)30
b(Currently)23 b(no)e(such)227 2527 y(object)k(is)f(included)h(in)f
(this)g(v)o(ersion)h(of)e(the)h(document.)136 2715 y
Fc(\017)46 b Fm(The)19 b(end)h(host)g(should)h(not)f(be)f(required)j
(to)d(kno)n(w)h(the)f(topology)j(of)d(the)h(netw)o(orks)h(along)g(the)e
(path)h(or)g(some)f(other)227 2827 y(netw)o(ork)h(internal)h(issues.)28
b(Therefore)20 b(it)f(is)f(not)h(possible)i(to)d(mak)o(e)h(an)g
(assumption)i(about)f(routing)g(and)f(hence)h(we)227
2940 y(ha)n(v)o(e)28 b(to)f(assume)h(asymmetric)h(routes.)41
b(As)27 b(a)g(consequence)j(end)e(hosts)h(include)g(unidirectional)i
(pack)o(et)e(\002lters)227 3053 y(only)-6 b(.)34 b(W)l(ithin)25
b(a)g(administrati)n(v)o(e)i(domain)f(where)f(more)g(information)i(is)d
(a)n(v)n(ailable)j(this)f(assumption)h(might)e(not)227
3166 y(hold)g(and)f(the)f(establishment)k(of)d(bi-directional)j(pack)o
(et)e(\002lters)f(could)h(be)e(possible.)0 3459 y Fk(6)119
b(N)n(A)-11 b(T)30 b(In)-5 b(v)o(olv)o(ement)0 3666 y
Fm(T)e(w)o(o)32 b(issues)j(need)f(to)f(be)h(addressed)i(when)d(N)m(A)
-10 b(Ts)32 b(are)h(present)i(along)g(the)f(path.)59
b(Since)33 b(the)h(end)g(host)g(should)h(not)0 3779 y(a-priori)c(kno)n
(wledge)g(about)g(the)e(location,)j(number)f(and)e(types)i(of)e(N)m(A)
-10 b(Ts)27 b(along)k(the)e(path)h(their)g(presence)h(has)f(to)f(be)0
3892 y(assumed.)141 4005 y(First,)24 b(the)f(CASP)f(signaling)k
(messages)f(itself)g(must)f(be)f(able)i(to)e(tra)n(v)o(erse)j(a)d
(non-CASP)g(a)o(w)o(are)g(N)m(A)-10 b(T)22 b(box)i(without)0
4117 y(major)e(problems.)30 b(A)21 b(N)m(A)-10 b(T)20
b(binding)k(of)e(a)f(non-CASP)h(a)o(w)o(are)g(N)m(A)-10
b(T)19 b(can)k(be)f(established)j(and)e(maintained)h(much)e(easier)0
4230 y(with)g(TCP)d(than)k(with)e(UDP)-10 b(.)20 b(CASP)f(recommends)24
b(the)e(usage)h(of)e(transport)k(protocols)f(such)f(as)e(TCP)f(or)i
(SCTP)d(In)j(case)0 4343 y(that)j(the)g(N)m(A)-10 b(T)22
b(is)i(CASP-a)o(w)o(are)f(problems)j(only)g(occur)f(if)g(source)h(port)
f(numbers)g(are)g(\002x)o(ed.)31 b(CASP)22 b(does)k(not)f(require)0
4456 y(\002x)o(ed)e(source)i(port)f(numbers)h(to)f(be)f(used.)141
4569 y(The)34 b(second)h(issue)g(addresses)h(data)f(pack)o(ets)g(for)f
(which)h(a)e(N)m(A)-10 b(T)32 b(binding)j(needs)g(to)f(be)g(requested.)
62 b(When)34 b(an)0 4682 y(end)27 b(host)f(starts)i(to)e(transmit)h
(scout)g(pack)o(ets)h(to)e(disco)o(v)o(er)i(the)e(presence)j(of)d
(\002re)n(w)o(alls)g(and)h(N)m(A)-10 b(Ts)24 b(along)j(the)g(path)f(it)
g(is)0 4795 y(willing)j(to)e(subsequently)32 b(transmit)d(data)g(pack)o
(ets)h(which)e(match)g(the)g(pack)o(et)i(\002lter)-5
b(.)41 b(Subsequently)31 b(such)e(a)e(\002re)n(w)o(all-)0
4908 y(N)m(A)-10 b(T)i(-\002re)n(w)o(all)24 b(scenario)k(is)d
(described)j(to)e(e)o(xplain)h(the)f(basic)h(protocol)h(interaction)g
(and)f(the)f(usefulness)i(for)e(allo)n(wing)0 5021 y(pack)o(et)35
b(\002lters)f(to)g(change)i(mid-path)f(\(i.e.)59 b(along)35
b(the)f(path\).)60 b(Mid-session)37 b(changes)f(of)d(pack)o(et)j
(\002lters)e(happen)h(in)0 5134 y(mobility)25 b(cases)f(\(for)g(e)o
(xample)h(if)e(the)h(end)g(host)g(obtains)i(a)d(ne)n(w)g(care-of)i
(address\).)0 5656 y Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g
(Aoun)727 b Fm(Expires)25 b(September)f(2003)728 b([P)o(age)24
b(12])p eop
%%Page: 13 13
13 12 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)55
1423 y Fe(+-------------)o(--)o(--)o(--)o(---)o(--)o(--)o(--)o(--)o
(---)o(--)o(--)o(--)o(--)o(---)o(--)o(--)o(--)o(--)o(---)o(--)o(--)o
(--)o(--)o(+)55 1535 y(|)3435 b(|)55 1648 y(|)2781 b(Network)51
b(A)163 b(|)55 1761 y(|)3435 b(|)55 1874 y(|)217 b(PF=\(192.168.1.5)o
(;)758 b(PF=\(139.23.203)o(.3)o(0;)593 b(|)55 1987 y(|)435
b(tcp+udp;666\))977 b(tcp+udp;7000\))648 b(|)55 2100
y(|)1417 b(+---------+)813 b(+----------+)55 2213 y(|)545
b(+----///------)o(->)o(+)157 b(NAT)163 b(+------///----)o(->)o(+)49
b(Firewall)h(+-->)55 2326 y(|)545 b(|)817 b(|)218 b(1)g(|)817
b(|)218 b(2)272 b(|)55 2439 y(|)545 b(|)817 b(+---------+)c
(+----------+)55 2552 y(|)545 b(|)2835 b(|)55 2665 y(|)272
b(+----+-----+)2503 b(|)55 2777 y(|)272 b(|)54 b(Firewall)d(|)2508
b(|)55 2890 y(|)272 b(|)218 b(1)272 b(|)2508 b(|)55 3003
y(|)272 b(+----+-----+)2503 b(|)55 3116 y(|)545 b(\210)2835
b(|)55 3229 y(|)545 b(-)108 b(PF=\(192.168.1.5)o(;)1848
b(|)55 3342 y(|)545 b(-)326 b(tcp+udp;666\))1849 b(|)55
3455 y(|)545 b(|)2835 b(|)55 3568 y(|)381 b(+--+---+)2614
b(|)55 3681 y(|)381 b(|)54 b(Host)f(|)2617 b(|)55 3794
y(|)381 b(|)109 b(A)163 b(|)2617 b(|)55 3907 y(|)381
b(+------+)2614 b(|)55 4019 y(+-------------)o(--)o(--)o(--)o(---)o(--)
o(--)o(--)o(--)o(---)o(--)o(--)o(--)o(--)o(---)o(--)o(--)o(--)o(--)o
(---)o(--)o(--)o(--)o(--)o(+)1446 4315 y Fm(Figure)24
b(6:)29 b(N)m(A)-10 b(T)21 b(In)l(v)n(olv)o(ement)0 5656
y Fl(H.)d(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g(Aoun)727
b Fm(Expires)25 b(September)f(2003)728 b([P)o(age)24
b(13])p eop
%%Page: 14 14
14 13 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)141
399 y(In)h(Figure)h(6)f(a)g(hosts)h(\(Host)g(A\))e(w)o(ants)h(to)h
(enable)g(transmit)h(data)f(traf)n(\002c)f(from)g(source)i(IP)d
(address)j(192.168.1.5)g(to)0 511 y(a)i(gi)n(v)o(en)g(destination)j(IP)
c(address)j(\(not)f(sho)n(wn)f(in)g(the)g(Figure)g(6\))g(at)g(port)h
(666)f(\(both)h(udp)g(and)f(tcp\).)43 b(Therefore)29
b(Host)0 624 y(A)f(transmits)j(a)e(CASP-N)m(A)-10 b(TFW)24
b(message)31 b(to)e(Fire)n(w)o(all)g(1)g(\(after)h(disco)o(v)o(ering)i
(that)e(this)g(\002re)n(w)o(all)f(is)g(the)g(ne)o(xt)h(CASP)0
737 y(supporting)d(node)e(along)g(the)f(data)h(path\))g(to)f(create)h
(the)f(corresponding)k(pack)o(et)e(\002lters.)k(Note)24
b(that)g(the)g(traf)n(\002c)g(selector)0 850 y(is)j(unidirectional.)43
b(This)27 b(scenario)i(sho)n(ws)e(a)f(sender)n(-initiated)32
b(scenario.)41 b(Fire)n(w)o(all)27 b(1)f(installs)j(tw)o(o)e(polic)o(y)
h(rules)f(\(one)0 963 y(for)32 b(udp)h(and)g(the)g(other)g(one)g(for)f
(tcp\))h(after)g(successful)i(authentication)i(and)c(authorization.)58
b(After)33 b(forw)o(arding)h(to)0 1076 y(the)f(ne)o(xt)g(middlebox)i
(\(a)e(N)m(A)-10 b(T)31 b(in)h(this)i(case\))g(a)e(N)m(A)-10
b(T)31 b(binding)j(has)g(to)e(be)h(created)i(for)e(the)g(gi)n(v)o(en)g
(traf)n(\002c)g(selectors.)0 1189 y(The)e(e)o(xternally)j(visible)f
(pack)o(et)g(\002lter)f(\(IP)e(address)k(changed)f(to)f(139.23.203.30)i
(and)e(port)g(number=7000\))j(is)c(then)0 1302 y(forw)o(arded)i(to)e
(the)h(ne)o(xt)f(\002re)n(w)o(all)g(\(Fire)n(w)o(all)h(2\).)52
b(Fire)n(w)o(all)31 b(2)g(again)h(creates)h(polic)o(y)f(rules)g(after)g
(authentication)k(and)0 1415 y(authorization.)d(Then)23
b(the)h(signaling)i(message)f(is)e(forw)o(arded)j(to)n(w)o(ards)e(the)g
(destination.)141 1528 y(After)19 b(the)h(signaling)h(messages)g
(reaches)g(the)e(destination)k(IP)18 b(address)j(or)e(until)h(no)f
(further)i(\002re)n(w)o(all)e(can)g(be)g(reached)0 1641
y(\(for)30 b(e)o(xample)h(because)g(the)f(message)h(is)e(rejected)j(at)
d(a)g(non)h(CASP-a)o(w)o(are)f(\002re)n(w)o(all\))g(a)i(R)t
Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)36 b Fm(message)31 b(is)e(re-)0
1753 y(turned)36 b(\(if)g(requested)h(by)e(the)g(signaling)j(message)e
(initiator\).)66 b(A)36 b(R)t Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)41
b Fm(message)36 b(w)o(ould)f(contain)i(a)e(Status)0 1866
y(object)23 b(which)g(includes)h(information)g(about)f(the)g(applied)h
(pack)o(et)f(\002lter)f(and)g(whether)h(the)g(message)g(reached)h(its)e
(tar)n(get)0 1979 y(or)i(not.)31 b(In)24 b(case)h(of)f(N)m(A)-10
b(Ts)22 b(along)k(the)e(path)h(the)f(pack)o(et)i(\002lter)e
(information)j(is)d(then)h(included)h(in)e(protocols)j(lik)o(e)e(SIP)d
(to)0 2092 y(communicate)k(on)d(which)h(protocol/port)k(data)c(will)f
(be)g(sent.)141 2205 y(In)31 b(case)g(no)i(R)t Fd(E)t(S)t(P)t(O)t(N)t
(S)t(E)k Fm(message)32 b(is)f(sent)g(back,)i(the)f(CASP-N)m(A)-10
b(TFW)26 b(a)o(w)o(are)31 b(NFs)e(on)i(the)g(path)h(will)f(return)h(a)2
2318 y(R)t Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)27 b Fm(message)22
b(with)f(an)h(unsuccessful)j(end)c(to)g(end)h(message)g(deli)n(v)o(ery)
h(error)f(when)f(an)h(associated)i(timer)d(to)g(the)0
2431 y(e)o(xisting)26 b(installed)h(state)f(\(rele)n(v)n(ant)h(to)d
(the)h(reception)i(of)e(the)g(CREA)-10 b(TE)21 b(message\))27
b(e)o(xpires.)33 b(The)25 b(CASP-N)m(A)-10 b(TFW)20 b(NI)0
2544 y(will)i(recei)n(v)o(e)g(only)h(one)h(R)t Fd(E)t(S)t(P)t(O)t(N)t
(S)t(E)k Fm(message)23 b(it)f(may)g(recei)n(v)o(e)h(more)e(than)i(one)f
(in)g(particular)j(cases.)k(It)21 b(is)h(up)g(to)g(the)g(NI)0
2657 y(to)f(decide)i(if)e(it)g(has)h(to)f(proceed)i(with)f(the)f
(application)k(or)c(not.)28 b(Ev)o(ery)22 b(CASP-N)m(A)-10
b(TFW)17 b(on)k(the)h(path)g(will)f(need)h(to)f(\002lter)0
2770 y(out)i(the)g(associated)28 b(R)t Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)r
Fm(,)f(messages)d(to)f(the)g(same)g(original)k(C)t Fd(R)t(E)t(A)l(T)t
(E)g Fm(message,)d(sent)f(by)g(the)g(CASP-N)m(A)-10 b(TFW)0
2883 y(NFs)19 b(on)i(the)g(upstream.)29 b(In)21 b(case)g(a)h(R)t
Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)27 b Fm(message)22 b(pro)o(vides)g(a)f
(dif)n(ferent)h(\002lter)f(within)g(the)g(installed)i(polic)o(y)f(rule)
0 2995 y(attrib)n(ute,)28 b(the)g(R)t Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)k
Fm(message)27 b(will)e(be)g(forw)o(arded)j(on)e(the)g(do)n(wnstream)h
(to)n(w)o(ards)f(the)g(CASP-N)m(A)-10 b(TFW)21 b(a)o(w)o(are)0
3108 y(NI.)141 3221 y(Section)k(10)e(additionally)k(addresses)f(some)e
(message)h(\003o)n(ws)d(with)i(N)m(A)-10 b(T)21 b(in)l(v)n(olv)o
(ement.)0 3511 y Fk(7)119 b(Operation)0 3718 y Fm(CASP-N)m(A)-10
b(TFW)19 b(de\002nes)25 b(the)e(follo)n(wing)i(message)g(types:)0
3914 y Ff(P)o(ath:)46 b Fm(A)37 b(P)m Fd(A)l(T)t(H)i
Fm(message)f(allo)n(ws)f(a)f(recei)n(v)o(er)n(-initiated)42
b(reserv)n(ation)e(approach.)71 b(This)36 b(message)i(does)g(not)f
(cause)227 4027 y(pack)o(et)31 b(\002lters)d(to)h(be)g(installed)i
(although)g(all)e(objects)h(are)f(present.)46 b(This)28
b(message)i(is)f(then)g(used)h(as)e(a)h(trigger)227 4140
y(to)c(cause)h(a)h(C)t Fd(R)t(E)t(A)l(T)t(E)i Fm(to)c(be)g(returned.)35
b(The)27 b(P)m Fd(A)l(T)t(H)f Fm(message)h(transmitting)g(entity)g
(includes)g(the)e(objects)i(which)227 4253 y(are)j(later)h(used)g(\(if)
f(not)h(modi\002ed\))f(by)g(the)h(sender)g(of)f(the)i(C)t
Fd(R)t(E)t(A)l(T)t(E)i Fm(message.)50 b(The)31 b(P)l(A)-6
b(T)t(H)32 b(message)f(allo)n(ws)227 4366 y(recei)n(v)o(er)n
(-initiated)e(signaling)d(to)d(be)h(supported.)0 4548
y Ff(Cr)n(eate:)48 b Fm(A)32 b(C)t Fd(R)t(E)t(A)l(T)t(E)j
Fm(message)e(allo)n(ws)f(to)f(establish)j(or)d(update)i(NSLP)c(state)j
(\(i.e.)52 b(polic)o(y)33 b(rules\))g(at)e(one)h(or)f(more)227
4661 y(\002re)n(w)o(all\(s\))e(along)h(the)f(path.)44
b(V)-10 b(eri\002cation)30 b(is)e(necessary)j(to)e(ensure)h(that)f
(polic)o(y)g(rule)g(creation)i(is)d(allo)n(wed)h(by)227
4773 y(the)i(requesting)i(entity)e(and)g(that)f(no)h(other)g(local)g
(security)h(polic)o(y)f(is)f(violated.)51 b(In)30 b(case)g(a)g
(security)i(polic)o(y)f(is)227 4886 y(violated)d(or)d(the)h(creation)i
(of)d(the)h(polic)o(y)h(rule\(s\))g(is)e(not)h(permitted,)i(a)f(R)t
Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)k Fm(message)c(with)f(a)f(\224Security)227
4999 y(Polic)o(y)33 b(V)-5 b(iolated\224)35 b(error)e(code)h(is)f
(returned.)59 b(If)33 b(the)i(C)t Fd(R)t(E)t(A)l(T)t(E)i
Fm(message)d(is)f(used)h(without)g(a)f(pre)n(vious)k(P)m
Fd(A)l(T)t(H)227 5112 y Fm(message)25 b(then)f(it)g(represents)i(a)d
(typical)i(sender)n(-initiated)k(reserv)n(ation.)0 5294
y Ff(Release:)48 b Fm(A)33 b(R)t Fd(E)t(L)t(E)t(A)t(S)t(E)38
b Fm(message)33 b(is)f(used)h(to)f(delete)i(installed)g(NSLP)c(state)j
(at)f(a)g(\002re)n(w)o(all)g(and)h(to)f(release)i(a)d(N)m(A)-10
b(T)227 5407 y(binding)32 b(without)g(w)o(aiting)f(for)f(a)g
(soft-state)j(timeout.)49 b(This)30 b(message)i(can)e(only)h(delete)h
(pre)n(viously)h(installed)0 5656 y Fl(H.)18 b(Tschofenig,)i(H.)e
(Schulzrinne,)h(C.)g(Aoun)727 b Fm(Expires)25 b(September)f(2003)728
b([P)o(age)24 b(14])p eop
%%Page: 15 15
15 14 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)227
399 y(state.)60 b(Referring)35 b(to)e(pre)n(viously)j(installed)g
(state)f(can)e(easily)i(be)f(done)g(using)h(the)f(session)h
(identi\002er)-5 b(.)60 b(Only)227 511 y(authorized)32
b(parties)f(are)e(allo)n(wed)g(to)g(delete)h(installed)i(state,)e(this)
g(includes)h(the)e(creator)i(of)d(the)i(state)f(or)g(other)227
624 y(parties)c(trusted)h(by)d(the)h(state)g(creator)h(\(useful)h(for)d
(f)o(ail)h(o)o(v)o(er)g(of)f(the)h(state)h(creator\).)0
798 y Ff(Response:)46 b Fm(A)25 b(R)t Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)k
Fm(message)c(is)e(either)i(sent)f(to)f(ackno)n(wledge)j(a)d(pre)n
(vious)i(message)g(or)e(to)h(indicate)h(an)f(error)-5
b(.)227 911 y(In)20 b(case)g(of)g(an)f(ackno)n(wledgement)k(it)c(is)h
(required)h(that)g(the)e(signaling)k(message)d(initiator)i(requests)g
(the)e(transmis-)227 1023 y(sion)26 b(of)e(a)h(response)i(message.)33
b(Therefore)26 b(the)f(Ne)o(xt)f(object,)j(discussed)g(in)e(Section)g
(9,)g(is)f(set)h(to)g(the)g(Response)227 1136 y(message.)54
b(No)30 b(state)i(information)i(is)d(modi\002ed)h(by)g(processing)i
(and)e(forw)o(arding)i(an)d(ackno)n(wledgement.)55 b(If)227
1249 y(an)25 b(error)h(has)f(to)g(be)g(returned)i(then)f(the)f(error)h
(code)g(inside)g(the)h(R)t Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)k
Fm(message)26 b(allo)n(ws)g(to)e(specify)j(more)227 1362
y(detailed)i(error)f(information.)40 b(Such)27 b(an)g(error)g(code)h
(might)f(for)g(e)o(xample)g(indicate)i(missing)f(user)f(speci\002c)h
(cre-)227 1475 y(dentials,)f(a)e(missing)h(authorization)j(tok)o(en)d
(or)f(a)f(security)j(polic)o(y)f(violation.)36 b(Detailed)26
b(error)g(codes)g(ha)n(v)o(e)f(to)g(be)227 1588 y(de\002ned)g(in)e
(future)i(v)o(ersions)g(of)f(this)g(document.)0 1761
y Ff(Query:)46 b Fm(A)28 b(Q)s Fd(U)t(E)t(R)o(Y)h Fm(message)f
(triggers)g(a)g(R)t Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)33 b
Fm(message)28 b(to)e(return)i(installed)h(state)f(information.)40
b(The)26 b(main)227 1874 y(purpose)33 b(of)e(this)g(message)h(is)f(to)g
(pro)o(vide)h(diagnostic)i(f)o(acilities.)53 b(An)30
b(initiator)j(must)e(only)h(be)f(able)g(to)g(query)227
1987 y(o)n(wned)36 b(state)g(information.)66 b(Otherwise)36
b(the)g(entire)g(set)f(of)h(polic)o(y)g(rules)g(of)f(a)g(\002re)n(w)o
(all)g(could)h(be)g(retrie)n(v)o(ed)227 2100 y(which)31
b(causes)h(security)h(concerns.)53 b(An)30 b(adv)o(ersary)j(w)o(ould)e
(ha)n(v)o(e)g(a)f(simple)i(mechanism)g(to)e(retrie)n(v)o(e)i(a)e(lot)h
(of)227 2213 y(useful)25 b(information)h(for)e(subsequent)j(attacks.)0
2386 y Ff(T)-7 b(rigger:)48 b Fm(The)37 b(T)t Fd(R)t(I)t(G)t(G)t(E)t(R)
h Fm(message)e(is)f(an)g(asynchronous)k(e)n(v)o(ent)d(noti\002cation)i
(sent)d(by)h(a)e(CASP-N)m(A)-10 b(TFW)31 b(a)o(w)o(are)227
2499 y(node.)51 b(Unlik)o(e)31 b(the)g(CREA)-10 b(TE)27
b(message)32 b(it)e(does)h(not)g(create)h(or)e(modify)i(NSLP)c(state)j
(at)f(nodes)i(between)g(the)227 2612 y(initiator)c(and)e(the)f(tar)n
(get)i(of)e(the)j(T)t Fd(R)t(I)t(G)t(G)t(E)t(R)r Fm(.)35
b(As)25 b(a)f(dif)n(ference)k(to)d(the)h(P)-8 b(A)e(TH)23
b(message)j(also)g(no)g(NTLP)c(routing)227 2725 y(state)33
b(is)f(created)h(at)f(nodes)i(between)f(the)f(initator)i(and)e(the)g
(tar)n(get)i(of)e(the)i(T)t Fd(R)t(I)t(G)t(G)t(E)t(R)r
Fm(.)55 b(Some)31 b(sort)i(of)f(trigger)227 2838 y(message)d(is)e
(required)i(to)e(support)i(access)f(netw)o(ork)h(signaling)h(message)e
(e)o(xchanges)h(as)f(described)h(in)e(Section)227 2951
y(10)h(and)g(in)f(Section)i(4.4.)40 b(\(TBD:)26 b(This)i(usefulness)i
(of)e(this)g(message)g(or)g(other)g(technical)i(alternati)n(v)o(es)h
(require)227 3064 y(some)24 b(in)l(v)o(estigation.\))141
3234 y(The)29 b(follo)n(wing)j(table)e(sho)n(ws)g(the)g(basic)h
(message)g(beha)n(vior)h(whereby)f(the)f(follo)n(wing)i(abbre)n
(viations)h(are)d(used:)2 3346 y Fd(M)t(A)l(Y)25 b Fm(\(O\),)g
Fd(M)t(U)t(S)t(T)k(N)t(O)q(T)c Fm(\(\226\),)h Fd(M)t(U)t(S)t(T)h
Fm(\(M\))c(or)g(N)m(A)f(\(Not)h(Applicable\)\))141 3459
y(The)32 b(operations)k(specify)f(which)e(message)h(might)f(indicate)i
(information)g(to)e(trigger)h(which)f(other)h(message)g(in)0
3572 y(response)f(by)e(the)g(other)h(end.)51 b(Some)30
b(messages)i(\(such)g(as)e(an)h(error)h(message\))g(are)f(created)h
(automatically)i(without)0 3685 y(pre)n(vious)26 b(indication.)50
3849 y(Msg/Ne)o(xt)e(Msg)100 b(P)o(ath)g(Create)h(Release)g(Response)h
(Query)f(T)m(rigger)p 0 3886 2770 4 v 50 3965 a(P)o(ath)486
b(N)m(A)131 b(M)256 b(\226)337 b(O)382 b(\226)282 b(\226)50
4078 y(Create)410 b(O)194 b(O)271 b(\226)337 b(O)382
b(\226)282 b(\226)50 4191 y(Release)365 b(\226)215 b(\226)292
b(O?)276 b(O)382 b(M)246 b(\226)50 4304 y(Response)300
b(\226)215 b(\226)292 b(\226)337 b(N)m(A)319 b(\226)282
b(\226)50 4417 y(Query)420 b(\226)215 b(\226)292 b(\226)337
b(M)367 b(N)m(A)198 b(\226)50 4530 y(T)m(rigger)378 b(O)194
b(O)271 b(O?)276 b(\226)403 b(\226)282 b(N)m(A)141 4691
y(Note)23 b(that)g(the)f(\224Must\224)i(entries)g(in)e(the)h(table)g
(abo)o(v)o(e)g(indicate)i(only)e(the)g(def)o(ault)h(beha)n(vior)-5
b(.)31 b(F)o(or)22 b(e)o(xample:)29 b(A)24 b(P)m Fd(A)l(T)t(H)0
4804 y Fm(message)g(must)g(be)f(follo)n(wed)i(by)e(a)i(C)t
Fd(R)t(E)t(A)l(T)t(E)i Fm(message.)j(Ho)n(we)n(v)o(er)23
b(in)g(case)h(of)f(an)g(error)i(a)f(R)t Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)30
b Fm(message)24 b(\(with)0 4917 y(an)g(error)g(code\))h(will)e(be)g
(returned.)141 5029 y(The)g(follo)n(wing)i(issues)g(still)f(require)h
(some)f(in)l(v)o(estigations:)136 5181 y Fc(\017)46 b
Fm(T)-7 b(o)24 b(enable)j(a)d(bi-directional)30 b(reserv)n(ation)e(the)
d(sender)h(of)f(a)i(C)t Fd(R)t(E)t(A)l(T)t(E)i Fm(message)d(has)g(to)f
(indicate)i(either)f(another)229 5294 y(C)t Fd(R)t(E)t(A)l(T)t(E)i
Fm(message)d(in)f(the)g(Ne)o(xt)f(object)i(or)f(a)h(P)m
Fd(A)l(T)t(H)g Fm(message.)31 b(It)23 b(is)h(questionable)j(whether)e
(a)e(sender)n(-initiated)227 5407 y(signaling)j(message)f(should)g
(follo)n(w)f(a)f(recei)n(v)o(er)n(-initiated?)0 5656
y Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g(Aoun)727
b Fm(Expires)25 b(September)f(2003)728 b([P)o(age)24
b(15])p eop
%%Page: 16 16
16 15 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)136
399 y Fc(\017)46 b Fm(Is)24 b(it)f(useful)i(to)e(allo)n(w)h(a)h(R)t
Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)k Fm(or)24 b(a)h(R)t Fd(E)t(L)t(E)t(A)t(S)
t(E)k Fm(message)c(to)e(follo)n(w)h(a)h(R)t Fd(E)t(L)t(E)t(A)t(S)t(E)30
b Fm(message?)0 691 y Fk(8)119 b(T)-9 b(ypical)31 b(P)n(olicy)e(Rule)i
(Attrib)n(utes)0 898 y Fm(This)25 b(paragraph)j(describes)g(some)e
(typically)i(used)e(attrib)n(utes.)37 b(Other)26 b(attrib)n(utes)i
(such)e(as)f(\003o)n(w)f(labels)j(might)f(be)f(used)0
1011 y(b)n(ut)19 b(are)g(considered)i(as)e(an)f(e)o(xception)j(of)e
(the)f(pack)o(et)i(\002lter)-5 b(.)27 b(W)-7 b(e)18 b(belie)n(v)o(e)i
(that)f(a)f(granularity)j(at)e(transport)i(layer)e(protocol)0
1124 y(state-le)n(v)o(el)26 b(\(syn,)e(syn/ack,)h(ack,)f(etc.\))29
b(is)23 b(not)h(required)i(for)d(in-path)j(signaling.)136
1336 y Fc(\017)46 b Fm(Source/destination)29 b(IPv4)23
b(and)h(IPv6)g(addresses)136 1524 y Fc(\017)46 b Fm(Port)24
b(numbers)g(\(possibly)i(including)h(ranges)e(and)f(a)f(list)h(of)f
(port)h(numbers\))136 1712 y Fc(\017)46 b Fm(T)m(ransport)25
b(protocol)h(\(for)e(e)o(xample)g(TCP)-10 b(,)21 b(UDP\))136
1899 y Fc(\017)46 b Fm(SPI)22 b(\(for)i(IPSec)f(protected)j(data)e
(traf)n(\002c\))136 2087 y Fc(\017)46 b Fm(Identi\002ers)26
b(for)d(AH)f(and)i(ESP)e(\(Protocol)j(numbers,)f(ne)o(xt)g(headers)i
(\002elds\))141 2300 y(A)j(N)m(A)-10 b(T)27 b(object)k(returned)h(to)e
(the)g(signaling)i(message)f(initiator)h(contains)g(the)e(same)g
(attrib)n(ute)i(types.)48 b(The)29 b(N)m(A)-10 b(T)0
2412 y(object)28 b(is)e(included)j(as)e(a)f(payload)j(in)d(the)h
(Status)g(object.)40 b(A)25 b(signaling)30 b(message)d(originator)j
(may)c(also)h(use)h(the)e(N)m(A)-10 b(T)0 2525 y(object)25
b(to)e(request)j(a)d(particular)j(N)m(A)-10 b(T)21 b(binding)26
b(to)d(tak)o(e)h(place.)30 b(The)23 b(same)h(object)h(is)e(used)h(for)g
(this)g(purpose.)141 2638 y(There)c(are)g(only)h(tw)o(o)f(actions)h
(de\002ned)g(for)f(a)f(polic)o(y)i(rule:)28 b(\224allo)n(w)20
b(/)g(no)g(logging\224)i(\(def)o(ault\))g(and)f(\224allo)n(w)f(/)f
(logging\224.)0 2751 y(The)30 b(\002rst)g(action)i(does)f(not)f
(require)i(additional)i(objects)e(to)e(be)g(included)j(other)e(than)g
(the)g(pack)o(et)h(\002lter)-5 b(.)49 b(This)30 b(is)g(the)0
2864 y(def)o(ault)f(action.)41 b(If)27 b(a)g(\224allo)n(w)g(/)g
(logging\224)j(action)e(has)g(to)f(be)g(speci\002ed)i(then)f(the)g
(Logging)g(Action)g(object,)h(de\002ned)f(in)0 2977 y(9,)23
b(has)h(to)g(be)f(included.)32 b(This)23 b(action)i(creates)h(log)e
(entries)h(whene)n(v)o(er)f(the)g(rule)h(w)o(as)e(triggered.)31
b(End)24 b(hosts)h(are)e(usually)0 3090 y(not)h(allo)n(wed)h(to)f
(specify)i(this)f(beha)n(vior)h(because)g(it)e(could)h(be)f(used)h(for)
g(a)e(denial)j(of)e(service)h(attack)h(to)e(cause)h(log)f(\002les)0
3203 y(to)f(gro)n(w)h(quickly)h(and)f(without)h(bounds.)141
3316 y(Note)31 b(that)g(a)f(single)i(pack)o(et)g(\002lter)f(might)g
(also)g(specify)h(a)e(range)i(or)e(ports.)51 b(Furthermore)33
b(it)d(is)g(also)h(possible)i(to)0 3429 y(specify)24
b(more)e(than)h(one)f(polic)o(y)i(rule)e(within)h(a)f(single)h
(signaling)i(message)e(\(e.g.)28 b(for)23 b(of)n(f-path)g(signaling\).)
32 b(This)21 b(issue,)0 3542 y(ho)n(we)n(v)o(er)l(,)j(requires)h
(further)h(in)l(v)o(estigation.)0 3834 y Fk(9)119 b(Objects)0
4041 y Fm(The)23 b(follo)n(wing)i(objects)g(are)f(used)g(by)g(the)g
(CASP-N)m(A)-10 b(TFW)19 b(client)25 b(protocol:)0 4290
y Fj(9.1)99 b(Logging)25 b(Action)0 4465 y Fm(This)20
b(object)i(indicates)h(which)e(pack)o(et)h(\002lter\(s\))f(w)o(ant)g
(to)f(ha)n(v)o(e)h(logging)i(speci\002ed.)29 b(Note)21
b(that)g(end)g(host)g(are)f(usually)j(not)0 4578 y(allo)n(wed)i(to)g
(specify)h(this)f(beha)n(vior)j(for)c(in-path)j(signaling.)34
b(It)25 b(might)g(ho)n(we)n(v)o(er)g(be)f(requested)j(within)f(the)e
(netw)o(ork)i(or)0 4690 y(in)f(case)h(of)e(of)n(f-path)j(signaling.)36
b(\(TBD:)23 b(Some)i(in)l(v)o(estigation)j(is)d(required)i(to)e(e)n(v)n
(aluate)h(whether)g(this)g(action)g(is)f(really)0 4803
y(required.\))0 5053 y Fj(9.2)99 b(A)n(pplicationID)0
5227 y Fm(This)30 b(object)i(contains)h(an)d(identi\002er)i(to)f(pro)o
(vide)h(more)e(information)j(about)f(the)e(data)i(for)e(which)h(the)g
(polic)o(y)g(rule)g(is)0 5340 y(installed.)40 b(Application-le)n(v)o
(el)30 b(\002re)n(w)o(alls)d(and)g(\002re)n(w)o(alls)f(with)g(stateful)
j(inspection)g(are)e(able)g(to)f(use)h(this)g(information.)0
5656 y Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g(Aoun)727
b Fm(Expires)25 b(September)f(2003)728 b([P)o(age)24
b(16])p eop
%%Page: 17 17
17 16 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)0
399 y(Pro)o(viding)i(a)e(wrong)i(application)h(identi\002er)g(for)d(a)h
(gi)n(v)o(en)g(data)g(traf)n(\002c)g(w)o(ould)g(then)h(cause)f(a)g
(processing)i(f)o(ailure.)31 b(Such)0 511 y(a)k(beha)n(vior)j(is)d
(more)g(secure)i(than)f(a)f(traditional)j(pack)o(et)f(\002lter)e
(\002re)n(w)o(all.)64 b(Note)35 b(ho)n(we)n(v)o(er)h(that)g(encrypted)h
(end-to-)0 624 y(end)d(traf)n(\002c)g(might)g(reduce)h(this)f(adv)n
(antage)i(to)e(some)g(de)o(gree.)60 b(A)33 b(local)h(security)i(polic)o
(y)f(might)f(indicate)h(that)g(this)0 737 y(information)e(is)d
(required)j(before)f(creating)g(polic)o(y)g(rules.)51
b(A)29 b(missing)j(ApplicationID)h(object)f(w)o(ould)f(then)g(cause)h
(a)0 850 y(\224Application)26 b(ID)d(require\224)28 b(R)t
Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)h Fm(message)c(with)e(an)h(error)g(code)g
(is)g(returned.)0 1099 y Fj(9.3)99 b(Next)0 1274 y Fm(The)22
b Fi(Ne)m(xt)g Fm(object)i(indicates)h(the)e(ne)o(xt)g(request)h(that)f
(the)g(signaling)i(message)f(recei)n(v)o(er)g(should)g(generate)g(if)f
(the)f(incom-)0 1387 y(ing)g(message)h(w)o(as)e(successfully)k
(processed.)30 b(Section)23 b(7)e(sho)n(ws)h(possible)h(combinations)i
(of)c(messages.)30 b(F)o(or)21 b(e)o(xample,)0 1499 y(a)26
b(C)t Fd(R)t(E)t(A)l(T)t(E)i Fm(message)d(might)g(contain)h(a)d
Fi(Ne)m(xt)h Fm(object)h(which)g(is)f(set)g(to)i(C)t
Fd(R)t(E)t(A)l(T)t(E)j Fm(causing)d(another)g(create)f(message)g(to)0
1612 y(be)h(returned.)38 b(Such)26 b(a)f(message)i(\003o)n(w)e(w)o
(ould)h(represent)i(a)e(bi-directional)j(reserv)n(ation.)39
b(A)25 b(frequently)j(used)f(object)g(is)0 1725 y(the)d(response)i
(object)f(pro)o(viding)g(indications)i(about)e(a)e(pre)n(viously)j
(submitted)g(message.)0 1974 y Fj(9.4)99 b(A)-5 b(uthorization)26
b(T)-9 b(ok)o(en)0 2149 y Fm(This)22 b(object)h(is)e(used)i(as)f
(described)i(in)e(Figure)g(5)f(of)h(Section)h(4.4.)28
b(More)22 b(description)j(will)c(be)h(added)h(in)e(the)h(near)h(future)
0 2262 y(\(see)h(Section)h(13\).)0 2511 y Fj(9.5)99 b(CMS)25
b(Cr)n(edential)h(Object)0 2685 y Fm(This)f(object)i(allo)n(ws)f(user)h
(speci\002c)f(cryptographic)k(credentials)f(to)c(be)h(transmitted)i(to)
d(speci\002c)i(CASP)c(peers)k(\(or)f(net-)0 2798 y(w)o(orks\))h(along)h
(the)f(path.)38 b(Figure)27 b(4)f(describes)j(a)d(scenario)j(where)e
(such)g(an)f(object)i(is)f(required.)39 b(Attrib)n(utes)29
b(included)0 2911 y(in)23 b(this)i(object)f(are)g(also)g(brie\003y)g
(mentioned)i(in)d(Section)i(4.3.)0 3160 y Fj(9.6)99 b(T)n(ime)0
3334 y Fm(This)28 b(object)i(indicates)h(that)f(\002lters)f(should)h
(be)e(installed)j(some)n(where)f(in)e(the)h(near)h(future.)45
b(This)28 b(might)h(be)g(required)0 3447 y(in)f(the)h(conte)o(xt)g(of)g
(in-adv)n(ance)i(QoS)c(reserv)n(ation)k(for)d(a)g(conferencing)k
(scenario.)45 b(If)28 b(this)h(object)g(is)f(not)h(present,)i(the)0
3560 y(current)25 b(time)f(is)f(used.)0 3809 y Fj(9.7)99
b(Age)0 3984 y Fm(The)32 b(Age)f(object)i(is)f(used)h(to)f(quickly)i
(determine)g(whether)f(an)o(y)f(of)f(the)i(NSLP)c(object)34
b(has)e(changed)i(\(for)e(e)o(xample)0 4097 y(pack)o(et)26
b(\002lter\),)e(to)g(a)n(v)n(oid)i(a)d(bit-by-bit)k(comparison.)33
b(The)24 b(Age)f(object)j(might)e(be)h(useful)g(for)f(messages)i(which)
f(refresh)0 4209 y(established)35 b(state)e(information)i(only)-6
b(.)55 b(Uniqueness)35 b(of)d(the)g(Age)g(object)h(is)f(only)h
(required)h(only)f(within)g(a)f(session.)0 4322 y(Whene)n(v)o(er)i
(state)g(information)h(has)e(to)g(be)g(modi\002ed)g(then)h(a)e(ne)n(w)h
(v)n(alue)g(has)h(to)e(be)h(placed)i(in)e(the)g(Age)f(object.)58
b(A)0 4435 y(high-resolution)28 b(timestamp)d(is)e(typically)j(used)e
(for)g(this)g(purpose.)0 4684 y Fj(9.8)99 b(Status)0
4859 y Fm(The)30 b(Status)h(object)h(is)e(used)h(to)g(deli)n(v)o(er)g
(status)h(information)h(inside)f(the)h(R)t Fd(E)t(S)t(P)t(O)t(N)t(S)t
(E)j Fm(message.)51 b(This)30 b(object)i(might)0 4972
y(return)27 b(error)g(noti\002cations)i(or)d(information)j(about)e
(installed)h(pack)o(et)g(\002lters)e(\(e.g.)37 b(N)m(A)-10
b(T)i(-Object\).)35 b(Deli)n(v)o(ering)28 b(pack)o(et)0
5085 y(\002lter)22 b(information)i(is)e(helpful)i(for)e(application)j
(\(such)e(as)f(SIP)-10 b(,)20 b(H323,)i(MEGA)l(CO,)d(MGCP)h(etc.)28
b(\))g(that)23 b(need)f(to)g(deli)n(v)o(er)0 5197 y(IP)h(address,)i
(protocol)g(type)g(and)f(port)g(information)i(to)d(the)h(initiator)i
(in)d(case)h(of)g(N)m(A)-10 b(Ts)21 b(along)k(the)f(path.)0
5656 y Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g(Aoun)727
b Fm(Expires)25 b(September)f(2003)728 b([P)o(age)24
b(17])p eop
%%Page: 18 18
18 17 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)0
399 y Fk(10)119 b(Basic)29 b(Pr)n(otocol)h(Beha)m(vior)0
606 y Fm(The)c(follo)n(wing)i(message)g(\003o)n(ws)d(try)i(to)g(sho)n
(w)f(the)h(basic)g(protocol)i(beha)n(vior)g(and)e(possible)i
(combinations)g(re)o(garding)0 718 y(sender)n(-)g(and)e(recei)n(v)o(er)
n(-initiated)k(messages)e(\003o)n(ws,)d(uni-directional)31
b(or)c(bi-directional)k(pack)o(et)d(\002lters,)g(dif)n(ferent)g(trust)0
831 y(assumptions)35 b(and)d(N)m(A)-10 b(T)29 b(and/or)34
b(\002re)n(w)o(all)d(tra)n(v)o(ersal.)56 b(The)31 b(subsequently)36
b(sho)n(wn)c(\002gures)g(do)g(not)g(include)i(message)0
944 y(\003o)n(ws)22 b(for)i(ne)o(xt-peer)i(disco)o(v)o(ery)f(\(for)f(e)
o(xample)h(using)f(the)g(Scout)g(protocol\).)0 1193 y
Fj(10.1)99 b(Recei)o(v)o(er)l(-Initiated)26 b(Message)f(Flo)o(w)f(with)
h(Fir)n(ewalls)0 1368 y Fm(The)j(follo)n(wing)i(message)f(\003o)n(w)e
(sho)n(ws)h(the)h(protocol)h(beha)n(vior)h(in)d(case)h(of)f(a)g(recei)n
(v)o(er)n(-initiated)33 b(signaling)e(message)0 1481
y(e)o(xchange)25 b(with)e(tw)o(o)g(administrati)n(v)o(e)j(domains)f
(\(Netw)o(ork)f(A)e(and)i(B\))e(and)i(tw)o(o)f(\002re)n(w)o(alls)g
(located)i(at)e(the)h(borders.)30 b(F)o(or)0 1594 y(the)22
b(message)h(\003o)n(w)d(a)h(peer)n(-to-peer)k(trust)d(relationship)j
(is)c(assumed.)30 b(Cryptographic)25 b(credentials)f(which)e(support)h
(end-)0 1706 y(to-middle)29 b(authentication)i(\(Host)c(A-to-FW)g(2\))g
(can)g(be)h(included)h(by)e(Host)g(A)f(into)i(the)h(P)m
Fd(A)l(T)t(H)g Fm(message.)40 b(The)27 b(usage)0 1819
y(of)c(recei)n(v)o(er)n(-initiation)29 b(has)24 b(the)g(adv)n(antage)i
(that)e(Host)f(B)g(has)h(to)f(assist)i(in)e(polic)o(y)i(rule)f
(installation)j(at)c(Fire)n(w)o(all)h(B.)141 1932 y(In)j(Figure)g(7)f
(the)h(sender)h(indicates)g(in)f(the)g(P)-8 b(A)e(TH)23
b(message)28 b(which)f(polic)o(y)h(rule)f(to)f(install)i(by)f(adding)h
(this)f(infor)n(-)0 2045 y(mation)h(to)f(the)h(pack)o(et)g(\002lter)-5
b(.)40 b(Host)27 b(A)f(uses)i(the)g(IP)e(address)j(139.23.203.23)h(and)
e(the)f(destination)k(IP)26 b(address)j(\(Host)0 2158
y(B\))c(is)h(17.12.23.5.)38 b(Note)26 b(that)h(the)f(transport)j
(protocol)f(is)e(not)g(mentioned)j(since)e(it)e(is)h(not)h(helpful.)38
b(The)26 b(\002rst)f(\002re)n(w)o(all)0 2271 y(\(FW)19
b(1\))i(installs)h(the)f(indicated)i(polic)o(y)e(rule)g(\(pack)o(et)i
(\002lter)d(with)g(\224allo)n(w)h(/)f(without)h(logging\224)i
(action\).)30 b(The)20 b(message)h(is)0 2384 y(forw)o(arded)27
b(to)e(the)g(ne)o(xt)g(CASP)e(a)o(w)o(are)i(node)h(\(FW)e(2\).)33
b(Because)26 b(of)f(the)g(peer)n(-to-peer)k(trust)c(assumption)j(FW)23
b(2)i(trusts)0 2497 y(FW1)d(for)i(the)g(correctness)i(of)d(the)h(pro)o
(vided)h(parameters.)31 b(The)23 b(identity)i(of)f(the)f(signaling)j
(message)f(originator)h(might)0 2610 y(be)d(included)i(in)d(the)h
(signaling)i(messages)f(addressed)i(to)n(w)o(ard)d(the)g(other)g(end)h
(host.)29 b(Polic)o(y)23 b(rules)g(are)g(installed)i(at)d(both)0
2723 y(\002re)n(w)o(alls.)32 b(When)25 b(the)g(signaling)j(message)e
(reaches)g(Host)f(B)e(then)j(a)g(C)t Fd(R)t(E)t(A)l(T)t(E)j
Fm(message)d(is)e(returned)j(in)e(response)i(and)0 2836
y(includes)g(the)d(same)h(pack)o(et)h(\002lter)e(\(unmodi\002ed\).)33
b(Note)25 b(that)g(the)f(pack)o(et)i(\002lter)f(is)f(al)o(w)o(ays)h
(directional)j(\(especially)f(for)0 2948 y(the)h(C)t
Fd(R)t(E)t(A)l(T)t(E)h Fm(message)e(in)f(response)i(to)d(a)i(P)m
Fd(A)l(T)t(H)h Fm(message)e(this)h(is)e(applicable\).)38
b(The)27 b(C)t Fd(R)t(E)t(A)l(T)t(E)j Fm(message)c(installs)i(the)0
3061 y(polic)o(y)c(rules)g(at)f(the)g(tw)o(o)g(\002re)n(w)o(alls.)28
b(The)d(C)t Fd(R)t(E)t(A)l(T)t(E)i Fm(message)d(\002nally)f(reaches)i
(Host)e(A)f(who)h(can)g(immediately)i(start)e(to)0 3174
y(transmit)i(data)f(traf)n(\002c)f(to)n(w)o(ards)i(Host)e(B.)141
3287 y(The)g(follo)n(wing)i(issues)g(arise)f(with)g(the)g(description)i
(of)e(the)g(message)g(\003o)n(w)e(of)i(Figure)g(7:)0
5656 y Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g(Aoun)727
b Fm(Expires)25 b(September)f(2003)728 b([P)o(age)24
b(18])p eop
%%Page: 19 19
19 18 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)55
350 y Fe(+-------------)o(--)o(--)o(--)o(---)o(--)o(--)o(--)o(--)o(+)
430 b(+---------------)o(--)o(--)o(--)o(--)o(---)o(--)o(-+)55
463 y(|)54 b(+------+)651 b(+------+)50 b(|)436 b(|)54
b(+------+)488 b(+--------+)50 b(|)55 576 y(|)k(|Host)e(A|)108
b(Network)161 b(|)54 b(FW)f(1)h(|)g(|)436 b(|)54 b(|)h(FW)e(2)h(|)g
(Network)e(|)i(Host)f(B)h(|)g(|)55 689 y(|)g(+--+---+)269
b(A)327 b(+--+---+)50 b(|)436 b(|)54 b(+--+---+)215 b(B)j(+---+----+)50
b(|)55 802 y(+-+--+--------)o(--)o(--)o(--)o(---)o(--)o(+-)o(--)o(--)o
(+)430 b(+----+----------)o(--)o(--)o(--)o(-+)o(---)o(-+)o(-+)164
915 y(|Path\(PF=)759 b(|)1036 b(|)1200 b(|)164 1027 y(|\(src=139.23.2)o
(03)o(.2)o(3,)157 b(|)1036 b(|)1200 b(|)164 1140 y(|)54
b(dst=17.12.23.5)o(,)321 b(|)1036 b(|)1200 b(|)164 1253
y(|)54 b(sport=5000,)540 b(|)1036 b(|)1200 b(|)164 1366
y(|)54 b(dport=600\))595 b(|)1036 b(|)1200 b(|)164 1479
y(|-------------)o(--)o(--)o(---)o(->)o(|)1030 b(|)1200
b(|)164 1592 y(|)f(|Path\(PF=)596 b(|)1200 b(|)164 1705
y(|)f(|\(src=139.23.20)o(3.)o(23,)o(|)1194 b(|)164 1818
y(|)1199 b(|)54 b(dst=17.12.23.5,)157 b(|)1200 b(|)164
1931 y(|)f(|)54 b(sport=5000,)377 b(|)1200 b(|)164 2044
y(|)f(|)54 b(dport=600\))432 b(|)1200 b(|)164 2157 y(|)f
(|--------------)o(--)o(-->)o(|)1194 b(|)164 2269 y(|)1199
b(|)1036 b(|Path\(PF=)760 b(|)164 2382 y(|)1199 b(|)1036
b(|\(src=139.23.20)o(3.)o(23)o(,)158 b(|)164 2495 y(|)1199
b(|)1036 b(|)54 b(dst=17.12.23.5,)321 b(|)164 2608 y(|)1199
b(|)1036 b(|)54 b(sport=5000,)541 b(|)164 2721 y(|)1199
b(|)1036 b(|)54 b(dport=600\))596 b(|)164 2834 y(|)1199
b(|)1036 b(|--------------)o(--)o(--)o(---)o(>|)164 2947
y(|)1199 b(|)1036 b(|Create\(PF=)650 b(|)164 3060 y(|)1199
b(|)1036 b(|\(src=139.23.20)o(3.)o(23)o(,)158 b(|)164
3173 y(|)1199 b(|)1036 b(|)54 b(dst=17.12.23.5,)321 b(|)164
3286 y(|)1199 b(|)1036 b(|)54 b(sport=5000,)541 b(|)164
3399 y(|)1199 b(|)1036 b(|)54 b(dport=600\))596 b(|)164
3511 y(|)1199 b(|)1036 b(|<-------------)o(--)o(--)o(---)o(-|)164
3624 y(|)1199 b(|Create\(PF=)486 b(|)1200 b(|)164 3737
y(|)f(|\(src=139.23.20)o(3.)o(23,)o(|)1194 b(|)164 3850
y(|)1199 b(|)54 b(dst=17.12.23.5,)157 b(|)1200 b(|)164
3963 y(|)f(|)54 b(sport=5000,)377 b(|)1200 b(|)164 4076
y(|)f(|)54 b(dport=600\))432 b(|)1200 b(|)164 4189 y(|)f
(|<-------------)o(--)o(---)o(|)1194 b(|)164 4302 y(|Create\(PF=)649
b(|)1036 b(|)1200 b(|)164 4415 y(|\(src=139.23.2)o(03)o(.2)o(3,)157
b(|)1036 b(|)1200 b(|)164 4528 y(|)54 b(dst=17.12.23.5)o(,)321
b(|)1036 b(|)1200 b(|)164 4641 y(|)54 b(sport=5000,)540
b(|)1036 b(|)1200 b(|)164 4753 y(|)54 b(dport=600\))595
b(|)1036 b(|)1200 b(|)164 4866 y(|<------------)o(--)o(--)o(---)o(--)o
(|)1030 b(|)1200 b(|)164 4979 y(|)1036 b(Data)52 b(Traffic)g
(\(unidirectiona)o(l\))921 b(|)164 5092 y(|=============)o(==)o(==)o
(===)o(==)o(==)o(==)o(==)o(===)o(==)o(==)o(==)o(==)o(===)o(==)o(==)o
(==)o(==)o(===)o(==)o(==)o(==)o(==)o(===)o(>|)900 5388
y Fm(Figure)24 b(7:)29 b(Recei)n(v)o(er)n(-Initiated)e(Message)e(Flo)n
(w)e(with)g(Fire)n(w)o(alls)0 5656 y Fl(H.)18 b(Tschofenig,)i(H.)e
(Schulzrinne,)h(C.)g(Aoun)727 b Fm(Expires)25 b(September)f(2003)728
b([P)o(age)24 b(19])p eop
%%Page: 20 20
20 19 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)136
399 y Fc(\017)46 b Fm(Should)22 b(pack)o(et)g(\002lter)f(information)i
(included)g(in)e(the)i(P)m Fd(A)l(T)t(H)g Fm(and)g(C)t
Fd(R)t(E)t(A)l(T)t(E)i Fm(message.)k(pack)o(et)22 b(\002lter)f
(information)227 511 y(in)33 b(the)i(P)m Fd(A)l(T)t(H)g
Fm(message)f(could)g(be)f(temporarily)i(stored)g(at)e(middlebox)o(es)i
(\(\002re)n(w)o(alls)e(in)g(this)h(e)o(xample\).)58 b(The)229
624 y(C)t Fd(R)t(E)t(A)l(T)t(E)28 b Fm(message)d(w)o(ould)f(then)g
(only)g(refer)h(to)e(e)o(xisting)i(state)g(information.)136
812 y Fc(\017)46 b Fm(It)24 b(does)g(not)g(seem)g(to)g(be)f(useful)i
(to)f(ha)n(v)o(e)g(a)g(stateless)i(v)o(ersion)f(of)e(the)j(P)m
Fd(A)l(T)t(H)g Fm(message.)k(Do)23 b(we)g(w)o(ant)h(to)f(support)227
925 y(such)i(a)e(stateless)i(v)o(ersion?)136 1112 y Fc(\017)46
b Fm(If)33 b(the)g(P)o(ath)f(message)i(f)o(ails)f(then)h(no)e(polic)o
(y)i(rules)g(are)f(installed.)58 b(The)32 b(signaling)j(message)f
(\003o)n(w)e(has)h(to)f(be)227 1225 y(restarted.)141
1438 y(Figure)20 b(7)e(does)i(not)g(contain)h(N)m(A)-10
b(Ts,)17 b(micro-/macro-mobility)24 b(speci\002c)c(message)g(\003o)n
(ws)e(or)h(an)o(y)g(form)g(of)g(tunneling.)0 1551 y(Hence)j(no)g
(mid-path)i(pack)o(et)f(\002lter)f(modi\002cation)i(is)d(necessary)-6
b(,)25 b(otherwise)e(such)g(a)f(pack)o(et)h(\002lter)f(modi\002cation)i
(w)o(ould)0 1664 y(be)i(required.)40 b(Entities,)27 b(which)g(are)f(a)o
(w)o(are)h(of)f(micro-/macro-mobility)31 b(protocols)e(\(for)d(e)o
(xample)i(a)d(MAP)g(or)h(a)g(home)0 1777 y(agent\),)d(are)f(no)g
(middlebox)o(es)j(in)d(the)g(traditional)j(sense.)k(Since)22
b(the)o(y)g(ha)n(v)o(e)h(an)f(impact)g(on)g(the)g(pack)o(et)i(\002lter)
e(and)g(on)g(the)0 1890 y(data)f(traf)n(\002c)f(it)g(w)o(ould)h(be)f
(necessary)j(to)d(treat)h(them)f(as)g(arti\002cial)h(middlebox)i(to)d
(properly)i(address)g(\003o)n(w)d(identi\002cations)0
2002 y(along)k(the)e(path.)29 b(If)21 b(no)h(such)g(treatment)h(tak)o
(es)g(place)f(then)g(the)g(wrong)g(polic)o(y)g(rules)h(are)e(installed)
j(at)d(\002re)n(w)o(alls)h(with)f(the)0 2115 y(consequence)31
b(that)e(the)f(entire)h(protocol)h(interaction)h(is)c(useless.)44
b(In)27 b(this)i(description)i(we)c(assume)i(that)f(pack)o(et)h
(\002lter)0 2228 y(attrib)n(utes)d(are)e(based)h(on)e(information)j
(used)f(for)e(routing)j(\(i.e.)i(IP)23 b(addresses\).)0
2477 y Fj(10.2)99 b(Sender)l(-Initiated)28 b(Message)c(Flo)o(w)g(with)h
(Fir)n(ewalls)0 2652 y Fm(The)32 b(follo)n(wing)h(message)g(\003o)n(w)e
(sho)n(ws)h(the)g(protocol)i(beha)n(vior)h(in)d(case)g(of)g(a)g(sender)
n(-initiated)k(signaling)f(message)0 2765 y(e)o(xchange)23
b(with)d(tw)o(o)g(administrati)n(v)o(e)j(domains)f(\(Netw)o(ork)f(A)e
(and)i(B\))f(and)h(tw)o(o)f(\002re)n(w)o(alls)h(\(FW)e(1)h(and)h(FW)e
(2\).)28 b(No)19 b(N)m(A)-10 b(T)0 2878 y(and)30 b(other)g(de)n(vices)h
(requiring)h(modi\002cations)g(to)d(the)h(pack)o(et)g(\002lter)g(are)f
(used.)47 b(This)30 b(message)g(\003o)n(w)e(also)i(assumes)h(a)0
2990 y(peer)n(-to-peer)26 b(trust)d(relationship.)31
b(Cryptographic)26 b(credentials)f(which)d(support)i(end-to-middle)i
(authentication)g(\(Host)0 3103 y(A-to-FW)d(2\))g(can)h(be)g(included)i
(by)d(Host)h(A)e(into)i(the)i(C)t Fd(R)t(E)t(A)l(T)t(E)i
Fm(message.)0 5656 y Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g
(Aoun)727 b Fm(Expires)25 b(September)f(2003)728 b([P)o(age)24
b(20])p eop
%%Page: 21 21
21 20 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)109
1027 y Fe(+--------------)o(--)o(--)o(---)o(--)o(--)o(--)o(--)o(-+)430
b(+--------------)o(--)o(--)o(--)o(--)o(---)o(--)o(--)o(+)109
1140 y(|)54 b(+------+)651 b(+------+)51 b(|)436 b(|)54
b(+------+)487 b(+--------+)50 b(|)109 1253 y(|)k(|Host)e(A|)109
b(Network)160 b(|)54 b(FW)g(1)g(|)g(|)436 b(|)54 b(|)g(FW)g(2)g(|)g
(Network)d(|)j(Host)f(B)h(|)g(|)109 1366 y(|)g(+--+---+)269
b(A)327 b(+--+---+)51 b(|)436 b(|)54 b(+--+---+)215 b(B)i(+---+----+)50
b(|)109 1479 y(+-+--+---------)o(--)o(--)o(---)o(--)o(-+)o(--)o(--)o
(-+)430 b(+----+---------)o(--)o(--)o(--)o(--)o(+--)o(--)o(+-)o(+)218
1592 y(|Create\(PF=)650 b(|)1036 b(|)1199 b(|)218 1705
y(|\(src=139.23.20)o(3.)o(23,)157 b(|)1036 b(|)1199 b(|)218
1818 y(|)54 b(dst=17.12.23.5,)321 b(|)1036 b(|)1199 b(|)218
1931 y(|)54 b(sport=5000,)541 b(|)1036 b(|)1199 b(|)218
2044 y(|)54 b(dport=600\))596 b(|)1036 b(|)1199 b(|)218
2156 y(|--------------)o(--)o(---)o(--)o(>|)1030 b(|)1199
b(|)218 2269 y(|)h(|Create\(PF=)486 b(|)1199 b(|)218
2382 y(|)h(|\(src=139.23.2)o(03)o(.23)o(,|)1193 b(|)218
2495 y(|)1200 b(|)54 b(dst=17.12.23.5)o(,)158 b(|)1199
b(|)218 2608 y(|)h(|)54 b(sport=5000,)377 b(|)1199 b(|)218
2721 y(|)h(|)54 b(dport=600\))432 b(|)1199 b(|)218 2834
y(|)h(|-------------)o(--)o(---)o(>|)1193 b(|)218 2947
y(|)1200 b(|)1036 b(|Create\(PF=)649 b(|)218 3060 y(|)1200
b(|)1036 b(|\(src=139.23.2)o(03)o(.2)o(3,)157 b(|)218
3173 y(|)1200 b(|)1036 b(|)54 b(dst=17.12.23.5)o(,)321
b(|)218 3286 y(|)1200 b(|)1036 b(|)54 b(sport=5000,)540
b(|)218 3398 y(|)1200 b(|)1036 b(|)54 b(dport=600\))595
b(|)218 3511 y(|)1200 b(|)1036 b(|-------------)o(--)o(--)o(---)o(->)o
(|)218 3624 y(|)1200 b(|)1036 b(|)326 b([Response])d(|)218
3737 y(|)1200 b(|)1036 b(|<------------)o(--)o(--)o(---)o(--)o(|)218
3850 y(|)1200 b(|)217 b([Response])269 b(|)1199 b(|)218
3963 y(|)h(|<------------)o(--)o(---)o(-|)1193 b(|)218
4076 y(|)327 b([Response])c(|)1036 b(|)1199 b(|)218 4189
y(|<-------------)o(--)o(---)o(--)o(-|)1030 b(|)1199
b(|)218 4302 y(|)1036 b(Data)53 b(Traffic)e(\(unidirectional)o(\))921
b(|)218 4415 y(|==============)o(==)o(===)o(==)o(==)o(==)o(==)o(===)o
(==)o(==)o(==)o(==)o(===)o(==)o(==)o(==)o(==)o(===)o(==)o(==)o(==)o(==)
o(===)o(=>)o(|)933 4710 y Fm(Figure)24 b(8:)29 b(Sender)n(-Initiated)f
(Message)d(Flo)n(w)d(with)h(Fire)n(w)o(alls)0 5656 y
Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g(Aoun)727
b Fm(Expires)25 b(September)f(2003)728 b([P)o(age)24
b(21])p eop
%%Page: 22 22
22 21 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)141
399 y(The)30 b(message)i(\003o)n(w)d(in)h(Figure)h(8)f(is)g(similar)h
(to)f(Figure)h(7.)49 b(The)32 b(C)t Fd(R)t(E)t(A)l(T)t(E)j
Fm(message)c(contains)i(the)d(pack)o(et)i(\002lter)0
511 y(and)24 b(immediately)h(\(after)g(authentication,)i(authorization)
h(and)23 b(v)o(eri\002cation\))j(causes)f(the)f(installation)j(of)c
(polic)o(y)i(rules.)0 624 y(The)g(signaling)j(message)f(sender)g(might)
f(request)h(a)g(R)t Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)k Fm(message.)36
b(In)25 b(case)i(of)e(N)m(A)-10 b(Ts)24 b(along)i(the)g(path)g(such)h
(a)2 737 y(R)t Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)i Fm(message)c(is)f(v)o
(ery)f(useful)i(to)f(return)h(N)m(A)-10 b(T)21 b(binding)k
(information.)141 850 y(This)31 b(scenario)h(does)g(not)f(require)h
(pack)o(et)h(\002lter)d(modi\002cation)j(along)f(the)f(path.)50
b(No)30 b(N)m(A)-10 b(T)29 b(binding)k(is)d(returned)0
963 y(with)23 b(the)h(optional)k(R)t Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)h
Fm(message.)141 1076 y(The)23 b(follo)n(wing)i(issue)g(arises)f(with)g
(the)g(description)i(of)e(the)g(message)g(\003o)n(w)e(of)i(Figure)g(8:)
136 1289 y Fc(\017)46 b Fm(If)19 b(a)g(v)o(eri\002cation)i(error)f(is)f
(caused)i(during)g(the)g(C)t Fd(R)t(E)t(A)l(T)t(E)j Fm(message)c
(processing)i(then)e(some)g(\002re)n(w)o(alls)f(might)h(ha)n(v)o(e)227
1401 y(installed)30 b(polic)o(y)e(rules)g(whereas)g(others)g(ha)n(v)o
(e)g(ne)n(v)o(er)f(seen)h(the)f(signaling)j(message.)40
b(A)28 b(R)t Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)33 b Fm(message)227
1514 y(indicating)25 b(an)c(error)h(could)h(lea)n(v)o(e)f(installed)i
(state)f(in)e(place)h(or)g(cause)g(already)i(established)g(state)f(to)e
(be)h(remo)o(v)o(ed)227 1627 y(automatically)-6 b(.)0
1876 y Fj(10.3)99 b(Recei)o(v)o(er)l(-Initiated)26 b(Message)f(Flo)o(w)
f(with)h(a)g(Fir)n(ewall)f(and)i(a)e(N)n(A)-9 b(T)0 2051
y Fm(The)32 b(message)j(\003o)n(w)c(in)i(Figure)g(9)g(introduces)j(a)c
(middlebox)j(with)e(N)m(A)-10 b(T)30 b(functionality)37
b(\(N)m(A)-10 b(T)31 b(1\),)k(in)e(addition)i(to)e(a)0
2164 y(\002re)n(w)o(all)22 b(at)h(Netw)o(ork)g(B,)e(along)j(the)f(path)
h(between)f(Host)g(A)f(and)h(Host)f(B.)g(Note)g(that)h(N)m(A)-10
b(T)21 b(1)h(might)h(additionally)k(ha)n(v)o(e)0 2277
y(\002re)n(w)o(all)k(functionality)k(which)d(w)o(ould)f(require)i(to)e
(install)i(pinhole)g(opening)h(and)d(N)m(A)-10 b(T)29
b(binding)34 b(polic)o(y)e(rules.)53 b(The)0 2389 y(message)29
b(\003o)n(w)d(assumes)j(that)g(Host)e(A)g(with)h(source)h(IP)e(address)
i(10.1.0.5)g(w)o(ants)f(to)g(transmit)h(data)f(traf)n(\002c)g(at)g
(source)0 2502 y(port)h(1200)g(\(for)g(e)o(xample)g(UDP)d(/)i(not)g
(sho)n(wn)h(in)f(this)g(e)o(xample\))i(to)e(destination)j(address)f
(17.12.23.5)g(at)e(destination)0 2615 y(port)19 b(number)g(600.)27
b(Host)18 b(A)f(does)i(not)g(requires)h(a)d(particular)k(N)m(A)-10
b(T)16 b(binding,)21 b(hence)e(no)f(N)m(A)-10 b(T)i(-Object)17
b(is)h(required)j(within)0 2728 y(the)28 b(initial)i(P)-8
b(A)e(TH)25 b(message.)43 b(In)28 b(an)o(y)h(case)f(a)g(N)m(A)-10
b(T)26 b(binding)k(will)e(be)g(included)i(within)f(the)f(N)m(A)-10
b(T)i(-Object)27 b(returned)j(in)0 2841 y(the)f(RESPONSE)24
b(message.)45 b(Instead)31 b(the)e(pro)o(vided)h(N)m(A)-10
b(T)27 b(binding)j(is)f(pro)o(vided)h(as)f(a)f(N)m(A)-10
b(T)i(-Object)28 b(in)g(response.)46 b(If)0 2954 y(Host)24
b(A)e(w)o(ould)j(lik)o(e)f(to)g(request)i(a)d(particular)j(N)m(A)-10
b(T)22 b(binding)k(then)e(the)g(N)m(A)-10 b(T)i(-Object)23
b(has)h(to)g(be)g(included)i(in)e(the)g(initial)2 3067
y(P)m Fd(A)l(T)t(H)h Fm(message.)141 3180 y(As)19 b(soon)h(as)f(the)h
(signaling)i(message)e(reaches)h(N)m(A)-10 b(T)17 b(1)i(a)g(N)m(A)-10
b(T)17 b(binding)k(is)f(requested)h(and)f(the)g(result)g(of)g(this)f
(request)0 3293 y(is)k(placed)h(into)f(the)g(T)m(raf)n(\002c)f
(selector)j(\002eld)d(\(i.e.)29 b(src)23 b(ip)f(address)j(is)d(changed)
j(from)e(10.1.0.5)g(to)g(139.23.203.30)j(and)d(the)0
3406 y(sport)i(is)e(re)n(written)i(from)f(1200)g(to)g(5000\).)31
b(When)24 b(the)g(signaling)i(messages)f(is)f(successfully)j(processed)
f(by)e(FW)e(2)i(and)0 3519 y(forw)o(arded)i(to)e(Host)g(B)g(a)h(C)t
Fd(R)t(E)t(A)l(T)t(E)k Fm(message)c(with)f(the)h(indicated)h(pack)o(et)
g(\002lter)f(is)f(returned.)33 b(A)23 b(cop)o(y)i(of)f(the)h(recei)n(v)
o(ed)0 3631 y(pack)o(et)d(\002lter)e(is)g(placed)i(into)f(the)f(N)m(A)
-10 b(T)i(-Object.)27 b(By)19 b(returning)k(the)e(N)m(A)-10
b(T)i(-Object)19 b(information,)k(Host)d(A)f(is)h(able)h(to)f(learn)0
3744 y(which)26 b(IP)e(address)j(and)f(port)g(,)f(hence)i(no)e(N)m(A)
-10 b(T)i(-Object)25 b(is)g(required)i(within)f(the)g(initial)h(P)-8
b(A)e(TH)22 b(message.)36 b(In)25 b(an)o(y)h(case)0 3857
y(a)e(N)m(A)-10 b(T)22 b(binding)27 b(will)d(be)g(included)j(within)e
(the)f(N)m(A)-10 b(T)i(-Object)24 b(returned)i(in)f(the)f(RESPONSE)d
(message.)32 b(The)26 b(C)t Fd(R)t(E)t(A)l(T)t(E)0 3970
y Fm(message)f(is)e(routed)i(backw)o(ards)h(to)n(w)o(ard)e(Host)f(A)f
(\(since)j(the)f(path)g(is)g(pinned)h(do)n(wn\).)141
4083 y(The)e(e)o(xchange)j(of)e(end-to-end)j(messages)e(after)f(a)g
(successful)i(signaling)h(message)d(e)o(xchange)i(might)e(be)g
(required)0 4196 y(to)j(e)o(xchange)i(parameters)g(about)g(the)e
(subsequent)j(data)e(traf)n(\002c.)39 b(Finally)28 b(Host)f(A)f(starts)
i(to)f(transmit)i(data)e(pack)o(ets)i(to)0 4309 y(Host)23
b(B.)0 5656 y Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g(Aoun)
727 b Fm(Expires)25 b(September)f(2003)728 b([P)o(age)24
b(22])p eop
%%Page: 23 23
23 22 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)109
519 y Fe(+--------------)o(--)o(--)o(---)o(--)o(--)o(--)o(--)o(-+)430
b(+--------------)o(--)o(--)o(--)o(--)o(---)o(--)o(--)o(+)109
632 y(|)54 b(+------+)651 b(+------+)51 b(|)436 b(|)54
b(+------+)487 b(+--------+)50 b(|)109 745 y(|)k(|Host)e(A|)109
b(Network)160 b(|)54 b(NAT)f(1|)h(|)436 b(|)54 b(|)g(FW)108
b(2|)54 b(Network)d(|)j(Host)f(B)h(|)g(|)109 858 y(|)g(+--+---+)269
b(A)327 b(+--+---+)51 b(|)436 b(|)54 b(+--+---+)215 b(B)i(+---+----+)50
b(|)109 971 y(+-+--+---------)o(--)o(--)o(---)o(--)o(-+)o(--)o(--)o(-+)
430 b(+----+---------)o(--)o(--)o(--)o(--)o(+--)o(--)o(+-)o(+)218
1084 y(|Path\(PF=)760 b(|)1036 b(|)1199 b(|)218 1197
y(|\(src=10.1.0.5,)430 b(|)1036 b(|)1199 b(|)218 1310
y(|)54 b(dst=17.12.23.5,)321 b(|)1036 b(|)1199 b(|)218
1423 y(|)54 b(sport=1200,)541 b(|Path\(PF=)596 b(|)1199
b(|)218 1535 y(|)54 b(dport=600\))596 b(|\(src=139.23.2)o(03)o(.23)o
(,|)1193 b(|)218 1648 y(|--------------)o(--)o(---)o(--)o(>|)48
b(dst=17.12.23.5)o(,)158 b(|)1199 b(|)218 1761 y(|)h(|)54
b(sport=5000,)377 b(|Path\(PF=)759 b(|)218 1874 y(|)1200
b(|)54 b(dport=600\))432 b(|\(src=139.23.2)o(03)o(.2)o(3,)157
b(|)218 1987 y(|)1200 b(|-------------)o(--)o(---)o(>|)48
b(dst=17.12.23.5)o(,)321 b(|)218 2100 y(|)1200 b(|)1036
b(|)54 b(sport=5000,)540 b(|)218 2213 y(|)1200 b(|)1036
b(|)54 b(dport=600\))595 b(|)218 2326 y(|)1200 b(|)1036
b(|-------------)o(--)o(--)o(---)o(->)o(|)218 2439 y(|)1200
b(|)1036 b(|)1199 b(|)218 2552 y(|)h(|)1036 b(|Create\(PF=)649
b(|)218 2665 y(|)1200 b(|)1036 b(|\(src=139.23.2)o(03)o(.2)o(3,)157
b(|)218 2777 y(|)1200 b(|Create\(PF=)486 b(|)54 b(dst=17.12.23.5)o(,)
321 b(|)218 2890 y(|)1200 b(|\(src=139.23.2)o(03)o(.23)o(,|)48
b(sport=5000,)540 b(|)218 3003 y(|)1200 b(|)54 b(dst=17.12.23.5)o(,)158
b(|)54 b(dport=600\);)540 b(|)218 3116 y(|Create\(PF=)650
b(|)54 b(sport=5000,)377 b(|)54 b(NAT-Object=)540 b(|)218
3229 y(|\(src=10.1.0.5,)430 b(|)54 b(dport=600\);)377
b(|\(src=139.23.2)o(03)o(.2)o(3,)157 b(|)218 3342 y(|)54
b(dst=17.12.23.5,)321 b(|)54 b(NAT-Object=)377 b(|)54
b(dst=17.12.23.5)o(,)321 b(|)218 3455 y(|)54 b(sport=1200,)541
b(|\(src=139.23.2)o(03)o(.23)o(,|)48 b(sport=5000,)540
b(|)218 3568 y(|)54 b(dport=600\);)541 b(|)54 b(dst=17.12.23.5)o(,)158
b(|)54 b(dport=600\)\))540 b(|)218 3681 y(|)54 b(NAT-Object=)541
b(|)54 b(sport=5000,)377 b(|<------------)o(--)o(--)o(---)o(--)o(|)218
3794 y(|\(src=139.23.20)o(3.)o(23,)157 b(|)54 b(dport=600\)\))377
b(|)1199 b(|)218 3907 y(|)54 b(dst=17.12.23.5,)321 b(|<------------)o
(--)o(---)o(-|)1193 b(|)218 4019 y(|)54 b(sport=5000,)541
b(|)1036 b(|)1199 b(|)218 4132 y(|)54 b(dport=600\)\))541
b(|)1036 b(|)1199 b(|)218 4245 y(|<-------------)o(--)o(---)o(--)o(-|)
1030 b(|)1199 b(|)218 4358 y(|)h(|)1036 b(|)1199 b(|)218
4471 y(|)1091 b(For)53 b(example:)e(SIP)i(Signaling)1032
b(|)218 4584 y(|<\230\230\230\230\230\230\230\230\230\230\230\230\230)o
(\230\230)o(\230\230\230)o(\230\230)o(\230\230)o(\230\230)o(\230\230)o
(\230\230\230)o(\230\230)o(\230\230)o(\230\230)o(\230\230)o
(\230\230\230)o(\230\230)o(\230\230)o(\230\230)o(\230\230)o
(\230\230\230)o(\230\230)o(\230\230)o(\230\230)o(\230\230)o
(\230\230\230)o(\230>)o(|)218 4697 y(|)1200 b(|)1036
b(|)1199 b(|)218 4810 y(|)1036 b(Data)53 b(Traffic)e(\(unidirectional)o
(\))921 b(|)218 4923 y(|==============)o(==)o(===)o(==)o(==)o(==)o(==)o
(===)o(==)o(==)o(==)o(==)o(===)o(==)o(==)o(==)o(==)o(===)o(==)o(==)o
(==)o(==)o(===)o(=>)o(|)679 5218 y Fm(Figure)24 b(9:)29
b(Recei)n(v)o(er)n(-Initiated)f(Message)d(Flo)n(w)d(with)h(a)h(Fire)n
(w)o(all)f(and)h(a)f(N)m(A)-10 b(T)0 5656 y Fl(H.)18
b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g(Aoun)727 b Fm(Expires)25
b(September)f(2003)728 b([P)o(age)24 b(23])p eop
%%Page: 24 24
24 23 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)0
399 y Fj(10.4)99 b(Sender)l(-Initiated)28 b(Message)c(Flo)o(w)g(with)h
(a)g(Fir)n(ewall)f(and)i(a)f(N)n(A)-9 b(T)0 573 y Fm(Figure)24
b(10)g(sho)n(ws)g(a)f(sender)n(-initiated)29 b(signaling)d(message)f
(\003o)n(w)e(whereby)i(FW)d(2)h(in)h(Netw)o(ork)g(B)f(initially)j
(rejects)f(the)0 686 y(signaling)e(message)f(due)f(to)f(an)h
(authentication/auth)q(or)q(iza)q(tio)q(n)26 b(f)o(ailure.)j(The)20
b(returned)25 b(R)t Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)h Fm(message)c
(includes)0 799 y(among)31 b(the)g(error)g(code,)i(information)g(about)
f(the)e(entity)i(creating)h(the)d(error)i(\(in)e(this)h(case)g
(FW2@Netw)o(orkB\))g(and)0 912 y(optionally)j(a)e(challenge)i(v)n
(alue.)53 b(The)31 b(challenge)j(v)n(alue)f(allo)n(ws)e(Host)h(A)e(to)i
(either)g(pro)o(vide)i(a)d(freshness)j(guarantee)0 1024
y(based)26 b(on)f(the)g(challenge)i(v)n(alue)f(and/or)g(based)g(on)f(a)
f(timestamp.)33 b(The)25 b(usage)h(of)e(CMS)f(allo)n(ws)i(Host)g(A)f
(and)h(Netw)o(ork)0 1137 y(B)18 b(to)h(use)h(symmetric)g(and)g
(asymmetric)h(credentials)h(for)d(authentication.)32
b(In)19 b(an)o(y)g(case)h(a)f(Credential)i(object)g(is)e(attached)0
1250 y(to)24 b(the)i(C)t Fd(R)t(E)t(A)l(T)t(E)i Fm(signaling)e
(message.)31 b(The)24 b(Credential)h(object)h(securely)f(binds)h(a)d
(timestamp)i(or)f(a)f(sequence)j(number)0 1363 y(\(to)31
b(pre)n(v)o(ent)i(replay)g(attacks\),)h(identities,)i(lifetime)c(and)g
(possibly)i(pack)o(et)e(\002lter)g(information)h(to)f(the)f
(cryptographic)0 1476 y(credentials.)h(The)25 b(R)t Fd(E)t(S)t(P)t(O)t
(N)t(S)t(E)k Fm(message)c(might)f(return)h(a)e(N)m(A)-10
b(T)i(-Object)22 b(if)i(a)f(N)m(A)-10 b(T)21 b(w)o(as)i(present)i
(along)g(the)f(path.)141 1589 y(Host)29 b(A)f(retransmits)j(a)d(ne)n(w)
g(signaling)k(message.)46 b(After)29 b(v)o(eri\002cation)i(of)d(the)i
(request)g(and)g(the)f(credentials)j(FW)0 1702 y(2)d(forw)o(ards)i(the)
f(message)g(to)g(Host)f(B.)f(As)h(in)g(pre)n(vious)j(e)o(xamples)e
(Host)g(B)e(returns)j(a)g(R)t Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)36
b Fm(message)30 b(with)g(a)0 1815 y(N)m(A)-10 b(T)i(-Object)23
b(back)h(to)f(Host)h(A.)0 5656 y Fl(H.)18 b(Tschofenig,)i(H.)e
(Schulzrinne,)h(C.)g(Aoun)727 b Fm(Expires)25 b(September)f(2003)728
b([P)o(age)24 b(24])p eop
%%Page: 25 25
25 24 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)109
632 y Fe(+--------------)o(--)o(--)o(---)o(--)o(--)o(--)o(--)o(-+)430
b(+--------------)o(--)o(--)o(--)o(--)o(---)o(--)o(--)o(+)109
745 y(|)54 b(+------+)651 b(+------+)51 b(|)436 b(|)54
b(+------+)487 b(+--------+)50 b(|)109 858 y(|)k(|Host)e(A|)109
b(Network)160 b(|)54 b(NAT)f(1|)h(|)436 b(|)54 b(|)g(FW)108
b(2|)54 b(Network)d(|)j(Host)f(B)h(|)g(|)109 971 y(|)g(+--+---+)269
b(A)327 b(+--+---+)51 b(|)436 b(|)54 b(+--+---+)215 b(B)i(+---+----+)50
b(|)109 1084 y(+-+--+---------)o(--)o(--)o(---)o(--)o(-+)o(--)o(--)o
(-+)430 b(+----+---------)o(--)o(--)o(--)o(--)o(+--)o(--)o(+-)o(+)218
1197 y(|Create\(PF=)650 b(|)1036 b(|)1199 b(|)218 1310
y(|\(src=10.1.0.5,)430 b(|Create\(PF=)486 b(|)1199 b(|)218
1423 y(|)54 b(dst=17.12.23.5,)321 b(|\(src=139.23.2)o(03)o(.23)o(,|)
1193 b(|)218 1535 y(|)54 b(sport=1200,)541 b(|)54 b(dst=17.12.23.5)o(,)
158 b(|)1199 b(|)218 1648 y(|)54 b(dport=600\))596 b(|)54
b(sport=5000,)377 b(|)1199 b(|)218 1761 y(|--------------)o(--)o(---)o
(--)o(>|)48 b(dport=600\))432 b(|)1199 b(|)218 1874 y(|)h
(|-------------)o(--)o(---)o(>|)1193 b(|)218 1987 y(|)1200
b(|Response\(Erro)o(rC)o(ode)o(=|)1193 b(|)218 2100 y(|Response\(Error)
o(Co)o(de=)157 b(|"Auth.)51 b(Required",)105 b(|)1199
b(|)218 2213 y(|"Auth.)52 b(Required",)268 b(|)54 b(FW2@NetworkB,)267
b(|)1199 b(|)218 2326 y(|)54 b(FW2@NetworkB,)431 b(|)54
b(challenge=0x7a)o(..8)o(,|)1193 b(|)218 2439 y(|)54
b(challenge=0x7a.)o(.8,)157 b(|<------------)o(--)o(---)o(-|)1193
b(|)218 2552 y(|<-------------)o(--)o(---)o(--)o(-|)1030
b(|)1199 b(|)218 2665 y(|Create\(PF=)650 b(|)1036 b(|)1199
b(|)218 2777 y(|\(src=10.1.0.5,)430 b(|)1036 b(|)1199
b(|)218 2890 y(|)54 b(dst=17.12.23.5,)321 b(|Create\(PF=)486
b(|)1199 b(|)218 3003 y(|)54 b(sport=1200,)541 b(|\(src=139.23.2)o(03)o
(.23)o(,|)1193 b(|)218 3116 y(|)54 b(dport=600\))596
b(|)54 b(dst=17.12.23.5)o(,)158 b(|Create\(PF=)649 b(|)218
3229 y(|)54 b(Credentials\(...)o(\)\))212 b(|)54 b(sport=5000,)377
b(|\(src=10.1.0.5)o(,)430 b(|)218 3342 y(|--------------)o(--)o(---)o
(--)o(>|)48 b(dport=600\))432 b(|)54 b(dst=17.12.23.5)o(,)321
b(|)218 3455 y(|)1200 b(|)54 b(Credentials\(..)o(.\)\))48
b(|)54 b(sport=1200,)540 b(|)218 3568 y(|)1200 b(|-------------)o(--)o
(---)o(>|)48 b(dport=600\))595 b(|)218 3681 y(|)1200
b(|)1036 b(|-------------)o(--)o(--)o(---)o(->)o(|)218
3794 y(|)1200 b(|)1036 b(|)217 b(Response\()487 b(|)218
3907 y(|)1200 b(|)108 b(Response\()433 b(|)217 b(NAT-Object\(...\)\))
102 b(|)218 4019 y(|)218 b(Response\()487 b(|)108 b
(NAT-Object\(...\)\))48 b(|<------------)o(--)o(--)o(---)o(--)o(|)218
4132 y(|)218 b(NAT-Object\(...\))o(\))103 b(|<------------)o(--)o(---)o
(-|)1193 b(|)218 4245 y(|<-------------)o(--)o(---)o(--)o(-|)1030
b(|)1199 b(|)218 4358 y(|)h(|)108 b(SIP)54 b(Signaling)214
b(|)1199 b(|)218 4471 y
(|<\230\230\230\230\230\230\230\230\230\230\230\230\230)o(\230\230)o
(\230\230\230)o(\230\230)o(\230\230)o(\230\230)o(\230\230)o
(\230\230\230)o(\230\230)o(\230\230)o(\230\230)o(\230\230)o
(\230\230\230)o(\230\230)o(\230\230)o(\230\230)o(\230\230)o
(\230\230\230)o(\230\230)o(\230\230)o(\230\230)o(\230\230)o
(\230\230\230)o(\230>)o(|)218 4584 y(|)h(|)1036 b(|)1199
b(|)218 4697 y(|)1036 b(Data)53 b(Traffic)e(\(unidirectional)o(\))921
b(|)218 4810 y(|==============)o(==)o(===)o(==)o(==)o(==)o(==)o(===)o
(==)o(==)o(==)o(==)o(===)o(==)o(==)o(==)o(==)o(===)o(==)o(==)o(==)o(==)
o(===)o(=>)o(|)690 5105 y Fm(Figure)24 b(10:)30 b(Sender)n(-Initiated)d
(Message)e(Flo)n(w)d(with)i(a)f(Fire)n(w)o(all)g(and)h(a)f(N)m(A)-10
b(T)0 5656 y Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g(Aoun)727
b Fm(Expires)25 b(September)f(2003)728 b([P)o(age)24
b(25])p eop
%%Page: 26 26
26 25 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)141
399 y(The)g(message)i(\003o)n(w)d(sho)n(ws)i(the)g(follo)n(wing)h
(protocol)g(features:)136 611 y Fc(\017)46 b Fm(End-to-Middle)22
b(Authentication)g(by)e(including)h(a)e(CMS)e(object)j(\(Credential)i
(object\))e(to)f(the)g(signaling)j(message)227 724 y(after)f(the)g
(authentication/auth)q(or)q(iza)q(tio)q(n)26 b(f)o(ailure.)j(If)20
b(the)h(Credential)h(object)g(is)e(included)j(into)e(the)f(\002rst)i(C)
t Fd(R)t(E)t(A)l(T)t(E)227 837 y Fm(signaling)j(message)f(then)g(no)e
(such)i(error)f(message)h(is)f(returned.)30 b(Ho)n(we)n(v)o(er)22
b(in)h(that)g(case)g(replay)h(protection)i(can)227 950
y(only)f(be)e(based)i(on)f(timestamps)g(\(loosely)i(synchronized)i
(clocks\).)136 1137 y Fc(\017)46 b Fm(A)34 b(N)m(A)-10
b(T)i(-Object)34 b(is)h(included)i(in)e(the)i(R)t Fd(E)t(S)t(P)t(O)t(N)
t(S)t(E)k Fm(message)36 b(which)g(pro)o(vides)h(information)g(about)f
(the)f(N)m(A)-10 b(T)227 1250 y(binding.)136 1438 y Fc(\017)46
b Fm(The)30 b(R)t Fd(E)t(S)t(P)t(O)t(N)t(S)t(E)j Fm(message)c
(indicating)i(an)d(error)g(could)h(also)g(return)g(a)e(N)m(A)-10
b(T)i(-Object)27 b(to)g(pro)o(vide)j(initial)f(infor)n(-)227
1551 y(mation)c(about)f(the)g(e)o(xistence)i(of)d(a)g(N)m(A)-10
b(T)j(.)136 1738 y Fc(\017)46 b Fm(The)23 b(same)h(protocol)i
(operations)g(can)e(be)g(used)g(without)g(N)m(A)-10 b(Ts)22
b(\(only)j(\002re)n(w)o(alls\).)0 1988 y Fj(10.5)99 b(Sender)l
(-Initiated)28 b(N)n(A)-9 b(T/Fir)n(ewall)23 b(T)-7 b(ra)n(v)o(ersal)24
b(with)i(A)-5 b(uthorization)25 b(T)-9 b(ok)o(en)0 2162
y Fm(The)23 b(ne)o(xt)h(scenario)i(is)e(slightly)i(more)d(complicated)k
(in)d(the)g(sense)g(that)h(authorization)i(information)g(for)d(Netw)o
(ork)g(B)e(is)0 2275 y(pro)o(vided)j(by)e(Host)g(B.)e(Host)i(B)f
(\002rst)h(request)i(an)e(authorization)j(tok)o(en)f(from)e(an)g
(entity)h(in)f(the)g(local)h(netw)o(ork)g(by)f(some)0
2388 y(means.)29 b(This)22 b(tok)o(en)h(is)f(then)h(communicated)i(to)d
(Host)g(A)f(using)i(an)g(end-to-end)i(protocol)f(such)f(as)f(SIP)f(or)h
(HTTP)-10 b(.)19 b(This)0 2501 y(tok)o(en)j(then)f(pro)o(vides)i(the)e
(necessary)i(trust)e(for)g(Netw)o(ork)g(B)e(to)i(allo)n(w)f(the)j(C)t
Fd(R)t(E)t(A)l(T)t(E)i Fm(message)d(to)e(install)i(polic)o(y)g(rules)f
(at)0 2614 y(FW)h(2.)28 b(Note)23 b(that)h(this)f(message)i(\003o)n(w)c
(is)i(dif)n(ferent)i(compared)g(to)e(the)h(scenario)h(described)g(in)e
(Figure)h(10.)29 b(In)23 b(this)h(case)0 2726 y(no)e(pre-established)k
(cryptographic)f(credentials)g(between)e(Host)e(A)g(and)h(Netw)o(ork)g
(B)e(are)i(present)h(before)g(the)f(protocol)0 2839 y(is)h(used)i
(between)f(Host)g(A)e(and)i(Host)g(B.)141 2952 y(The)k(sender)n
(-initiated)33 b(message)c(\003o)n(w)d(is)i(similar)h(to)f(the)g(abo)o
(v)o(e-described)k(\003o)n(ws)27 b(with)h(the)h(only)f(e)o(xception)j
(that)0 3065 y(the)24 b(Authorization)j(T)-7 b(ok)o(en)23
b(is)h(included.)31 b(The)23 b(tok)o(en)i(is)e(remo)o(v)o(ed)h(at)f(FW)
g(2)g(after)h(successful)i(v)o(eri\002cation.)0 5656
y Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g(Aoun)727
b Fm(Expires)25 b(September)f(2003)728 b([P)o(age)24
b(26])p eop
%%Page: 27 27
27 26 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)109
689 y Fe(+--------------)o(--)o(--)o(---)o(--)o(--)o(--)o(--)o(-+)430
b(+--------------)o(--)o(--)o(--)o(--)o(---)o(--)o(--)o(+)109
802 y(|)54 b(+------+)651 b(+------+)51 b(|)436 b(|)54
b(+------+)487 b(+--------+)50 b(|)109 914 y(|)k(|Host)e(A|)109
b(Network)160 b(|)54 b(NAT)f(1|)h(|)436 b(|)54 b(|)g(FW)108
b(2|)54 b(Network)d(|)j(Host)f(B)h(|)g(|)109 1027 y(|)g(+--+---+)269
b(A)327 b(+--+---+)51 b(|)436 b(|)54 b(+--+---+)215 b(B)i(+---+----+)50
b(|)109 1140 y(+-+--+---------)o(--)o(--)o(---)o(--)o(-+)o(--)o(--)o
(-+)430 b(+----+---------)o(--)o(--)o(--)o(--)o(+--)o(--)o(+-)o(+)218
1253 y(|)1200 b(|)1036 b(|)163 b(Authorization)321 b(|)218
1366 y(|)1200 b(|)1036 b(|)381 b(Token)543 b(|)218 1479
y(|)1200 b(|)1036 b(|)326 b(Request)488 b(|)218 1592
y(|)1200 b(|)1036 b(|<------------)o(--)o(--)o(---)o(--)o(|)218
1705 y(|)1200 b(|)1036 b(|)163 b(Authorization)321 b(|)218
1818 y(|)1200 b(|)163 b(End-to-End)323 b(|)381 b(Token)543
b(|)218 1931 y(|)1200 b(|)163 b(Communication)158 b(|)326
b(Response)433 b(|)218 2044 y(|)1200 b(|)108 b(\(Authorization)158
b(|-------------)o(--)o(--)o(---)o(->)o(|)218 2156 y(|)1200
b(|)272 b(Token\))434 b(|)1199 b(|)218 2269 y(|<-------------)o(--)o
(---)o(--)o(--)o(--)o(--)o(---)o(--)o(--)o(--)o(--)o(---)o(--)o(--)o
(--)o(--)o(---)o(--)o(--)o(--)o(--)o(---)o(--)o(|)218
2382 y(|Create\(PF=)650 b(|)1036 b(|)1199 b(|)218 2495
y(|\(src=10.1.0.5,)430 b(|)1036 b(|)1199 b(|)218 2608
y(|)54 b(dst=17.12.23.5,)321 b(|Create\(PF=)486 b(|)1199
b(|)218 2721 y(|)54 b(sport=1200,)541 b(|\(src=139.23.2)o(03)o(.23)o
(,|)1193 b(|)218 2834 y(|)54 b(dport=600\);)c(Token\))161
b(|)54 b(dst=17.12.23.5)o(,)158 b(|Create\(PF=)649 b(|)218
2947 y(|--------------)o(--)o(---)o(--)o(>|)48 b(sport=5000,)377
b(|\(src=10.1.0.5)o(,)430 b(|)218 3060 y(|)1200 b(|)54
b(dport=600\);)49 b(Token\)|)j(dst=17.12.23.5)o(,)321
b(|)218 3173 y(|)1200 b(|-------------)o(--)o(---)o(>|)48
b(sport=1200,)540 b(|)218 3286 y(|)1200 b(|)1036 b(|)54
b(dport=600\))595 b(|)218 3398 y(|)1200 b(|)1036 b(|-------------)o(--)
o(--)o(---)o(->)o(|)218 3511 y(|)1200 b(|)1036 b(|)217
b(Response\()487 b(|)218 3624 y(|)1200 b(|)1036 b(|)217
b(NAT-Object\(...\)\))102 b(|)218 3737 y(|)1200 b(|)108
b(Response\()433 b(|<------------)o(--)o(--)o(---)o(--)o(|)218
3850 y(|)1200 b(|)108 b(NAT-Object\(...\)\))48 b(|)1199
b(|)218 3963 y(|)218 b(Response\()487 b(|<------------)o(--)o(---)o(-|)
1193 b(|)218 4076 y(|)218 b(NAT-Object\(...\))o(\))103
b(|)1036 b(|)1199 b(|)218 4189 y(|<-------------)o(--)o(---)o(--)o(-|)
1030 b(|)1199 b(|)218 4302 y(|)h(|)108 b(SIP)54 b(Signaling)214
b(|)1199 b(|)218 4415 y
(|<\230\230\230\230\230\230\230\230\230\230\230\230\230)o(\230\230)o
(\230\230\230)o(\230\230)o(\230\230)o(\230\230)o(\230\230)o
(\230\230\230)o(\230\230)o(\230\230)o(\230\230)o(\230\230)o
(\230\230\230)o(\230\230)o(\230\230)o(\230\230)o(\230\230)o
(\230\230\230)o(\230\230)o(\230\230)o(\230\230)o(\230\230)o
(\230\230\230)o(\230>)o(|)218 4528 y(|)h(|)1036 b(|)1199
b(|)218 4640 y(|)1036 b(Data)53 b(Traffic)e(\(unidirectional)o(\))921
b(|)218 4753 y(|==============)o(==)o(===)o(==)o(==)o(==)o(==)o(===)o
(==)o(==)o(==)o(==)o(===)o(==)o(==)o(==)o(==)o(===)o(==)o(==)o(==)o(==)
o(===)o(=>)o(|)536 5049 y Fm(Figure)24 b(11:)29 b(Sender)n(-Initiated)f
(N)m(A)-10 b(T/Fire)n(w)o(all)22 b(T)m(ra)n(v)o(ersal)j(with)e
(Authorization)k(T)-7 b(ok)o(en)0 5656 y Fl(H.)18 b(Tschofenig,)i(H.)e
(Schulzrinne,)h(C.)g(Aoun)727 b Fm(Expires)25 b(September)f(2003)728
b([P)o(age)24 b(27])p eop
%%Page: 28 28
28 27 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)0
399 y Fj(10.6)99 b(Sender)l(-Initiated)28 b(Fir)n(ewall)c(Signaling)g
(only)h(at)g(the)h(Access)f(Netw)o(ork)0 573 y Fm(Sometimes)g(people)i
(ar)n(gue)g(that)e(the)h(signaling)h(message)f(e)o(xchange)i(should)e
(be)g(done)g(locally)g(at)f(the)h(netw)o(ork)g(access)0
686 y(only)33 b(because)h(per)n(-\003o)n(w)f(signaling)h(messages)g
(are)f(not)f(processed)j(in)d(the)h(core)g(netw)o(ork.)56
b(Instead)34 b(of)e(sending)i(the)0 799 y(signaling)e(messages)f(from)f
(one)g(access)g(netw)o(ork)h(to)f(the)f(other)i(whereby)g(the)e
(signaling)j(messages)f(are)f(transparent)0 912 y(in)24
b(the)g(core)g(each)h(host)f(transmits)i(signaling)g(messages)f
(independently)j(in)c(its)g(o)n(wn)f(netw)o(ork.)31 b(Although)25
b(the)f(concept)0 1024 y(sounds)29 b(v)o(ery)e(simple)h(at)f(the)g
(\002rst)g(glance)h(it)f(turns)h(out)f(to)g(be)g(v)o(ery)h(comple)o(x)f
(in)g(the)h(generic)g(case.)40 b(Most)27 b(dif)n(\002culties)0
1137 y(appear)i(because)h(of)e(the)g(asymmetric)i(routing)g
(architecture.)45 b(Establishing)30 b(polic)o(y)g(rules)e(in)g(the)h
(uplink)g(direction)h(is)0 1250 y(f)o(airly)h(simple)g(and)g(requires)h
(only)f(a)f(mechanism)h(which)g(allo)n(ws)f(some)g(sort)h(of)f(scoping)
i(\(i.e.)49 b(signaling)33 b(messages)0 1363 y(ha)n(v)o(e)19
b(to)g(terminate)h(some)n(where)g(in)f(the)g(access)h(netw)o(ork\))g
(without)g(actually)g(indicating)i(the)d(end-point.)30
b(Casp)18 b(pro)o(vides)0 1476 y(means)37 b(for)f(scoping)i(and)f
(local)g(access)h(netw)o(ork)f(signaling.)70 b(Ho)n(we)n(v)o(er)36
b(the)g(installation)k(of)c(polic)o(y)h(rules)h(on)e(the)0
1589 y(do)n(wnlink)23 b(direction)h(is)e(complicated)j(because)e(some)f
(topology)j(information)f(inside)f(the)f(netw)o(ork)h(must)f(be)g(kno)n
(wn)g(in)0 1702 y(order)k(to)f(a)n(v)n(oid)i(polic)o(y)g(rule)e
(creation)j(at)d(the)g(wrong)h(de)n(vices.)35 b(Hence)26
b(there)g(is)f(a)g(b)n(uilt-in)i(risk)f(to)f(cause)h(the)g(protocol)0
1815 y(to)d(f)o(ail)h(\(i.e.)29 b(to)23 b(install)i(polic)o(y)g(rules)g
(at)e(the)h(wrong)g(location\).)141 1928 y(F)o(or)f(the)h(message)g
(\003o)n(w)e(described)k(in)e(Figure)g(12)g(we)e(assume)j(the)f(follo)n
(wing)h(protocol)g(beha)n(vior:)136 2115 y Fc(\017)46
b Fm(Host)22 b(A)e(and)i(Host)f(B)f(initiate)k(a)d(bi-directional)k
(pack)o(et)e(\002lter)e(establishment)k(with)c(a)g(scope)i(restricted)h
(to)d(the)h(lo-)227 2228 y(cal)f(access)h(netw)o(ork)g(only)-6
b(.)29 b(W)l(ithout)22 b(some)f(sort)g(of)g(bi-directional)k(signaling)
e(message)f(e)o(xchange,)h(a)f(T)t Fd(R)t(I)t(G)t(G)t(E)t(R)227
2341 y Fm(message)j(is)e(required)j(to)d(initiate)j(a)d(do)n(wnlink)i
(T)m(raf)n(\002c)d(Selection)j(establishment.)136 2529
y Fc(\017)46 b Fm(Based)28 b(on)f(the)g(characteristics)k(of)c(local)g
(signaling)j(message)e(e)o(xchanges)h(at)e(both)h(access)g(netw)o
(orks,)h(assump-)227 2642 y(tions)c(about)g(the)e(topology)j(must)e(be)
f(made)h(\(or)g(some)f(topology)j(information)g(must)e(be)g(kno)n
(wn\).)136 2829 y Fc(\017)46 b Fm(In)24 b(this)g(simpli\002ed)g
(message)h(\003o)n(w)d(no)i(N)m(A)-10 b(T)21 b(de)n(vice)k(is)e
(present.)136 3017 y Fc(\017)46 b Fm(Host)26 b(A)e(has)i(a-priori)h
(kno)n(wledge)g(about)f(the)g(pack)o(et)h(\002lter)e(for)h(the)g
(inbound)h(traf)n(\002c)e(\(i.e.)35 b(src=17.12.23.5)28
b(and)227 3130 y(sport=601\).)0 5656 y Fl(H.)18 b(Tschofenig,)i(H.)e
(Schulzrinne,)h(C.)g(Aoun)727 b Fm(Expires)25 b(September)f(2003)728
b([P)o(age)24 b(28])p eop
%%Page: 29 29
29 28 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)55
802 y Fe(+-------------)o(--)o(--)o(--)o(---)o(--)o(--)o(--)o(--)o(+)
430 b(+---------------)o(--)o(--)o(--)o(--)o(---)o(--)o(-+)55
914 y(|)54 b(+------+)651 b(+------+)50 b(|)436 b(|)54
b(+------+)488 b(+--------+)50 b(|)55 1027 y(|)k(|Host)e(A|)108
b(Network)161 b(|)54 b(FW)f(1)h(|)g(|)436 b(|)54 b(|)h(FW)e(2)h(|)g
(Network)e(|)i(Host)f(B)h(|)g(|)55 1140 y(|)g(+--+---+)269
b(A)327 b(+--+---+)50 b(|)436 b(|)54 b(+--+---+)215 b(B)j(+---+----+)50
b(|)55 1253 y(+-+--+--------)o(--)o(--)o(--)o(---)o(--)o(+-)o(--)o(--)o
(+)430 b(+----+----------)o(--)o(--)o(--)o(-+)o(---)o(-+)o(-+)164
1366 y(|Create\(PF=\(sr)o(c=)o(13)o(9.2)o(3.)o(20)o(5.)o(5,)757
b(|)1200 b(|)164 1479 y(|)54 b(dst=17.12.23.5)o(,)48
b(sport=5000,)i(dport=600\);)104 b(|)1200 b(|)164 1592
y(|)54 b(Next=Create\(PF)o(=\()o(src)o(=1)o(7.)o(12)o(.2)o(3.5)o(,)539
b(|)1200 b(|)164 1705 y(|)54 b(dst=139.23.205)o(.5)o(,sp)o(or)o(t=)o
(60)o(1,)o(dpo)o(rt)o(=5)o(00)o(1\))o(\);)48 b(|)1200
b(|)164 1818 y(|)54 b(Scope=NetworkA)o(\))321 b(|)1036
b(|)1200 b(|)164 1931 y(|-------------)o(--)o(--)o(---)o(->)o(|)1030
b(|)1200 b(|)164 2044 y(|Create\(PF=)649 b(|)1036 b(|)1200
b(|)164 2156 y(|\(src=17.12.23)o(.5)o(,)321 b(|)1036
b(|)1200 b(|)164 2269 y(|)54 b(dst=139.23.205)o(.5)o(,)212
b(|)1036 b(|)1200 b(|)164 2382 y(|)54 b(sport=601,)595
b(|)1036 b(|)1200 b(|)164 2495 y(|)54 b(dport=5001\)\))485
b(|)1036 b(|)1200 b(|)164 2608 y(|<------------)o(--)o(--)o(---)o(--)o
(|)1030 b(|)1200 b(|)164 2721 y(|)f(|)163 b(End-to-End)323
b(|)1200 b(|)164 2834 y(|)f(|)109 b(Communication)212
b(|)1200 b(|)164 2947 y(|)f(|)109 b(\(PF\))53 b(-)h(Optional)105
b(|)1200 b(|)164 3060 y(|<------------)o(--)o(--)o(---)o(--)o(--)o(--)o
(--)o(---)o(--)o(--)o(--)o(--)o(---)o(--)o(--)o(--)o(--)o(---)o(--)o
(--)o(--)o(--)o(---)o(>|)164 3173 y(|)f(|Create\(PF=\(src)o(=1)o(7.1)o
(2.)o(23)o(.5)o(,)867 b(|)164 3286 y(|)1199 b(|)54 b(dst=139.23.205.)o
(5,)48 b(sport=601,)i(dport=5001\);|)164 3398 y(|)1199
b(|)54 b(Next=Create\(PF=)o(\(sr)o(c=)o(13)o(9.)o(23)o(.20)o(5.)o(5,)
430 b(|)164 3511 y(|)1199 b(|)54 b(dst=17.12.23.5,)48
b(sport=5000,)i(dport=600\)\);)f(|)164 3624 y(|)1199
b(|)54 b(Scope=NetworkB\))157 b(|)1200 b(|)164 3737 y(|)f(|)1036
b(|<-------------)o(--)o(--)o(---)o(-|)164 3850 y(|)1199
b(|)1036 b(|Create\(PF=)650 b(|)164 3963 y(|)1199 b(|)1036
b(|\(src=139.23.20)o(5.)o(5,)212 b(|)164 4076 y(|)1199
b(|)1036 b(|)54 b(dst=17.12.23.5,)321 b(|)164 4189 y(|)1199
b(|)1036 b(|)54 b(sport=5000,)541 b(|)164 4302 y(|)1199
b(|)1036 b(|)54 b(dport=600\)\))541 b(|)164 4415 y(|)1199
b(|)1036 b(|--------------)o(--)o(--)o(---)o(>|)164 4528
y(|)g(Data)52 b(Traffic)g(\(bi-directiona)o(l\))921 b(|)164
4640 y(|<============)o(==)o(==)o(===)o(==)o(==)o(==)o(==)o(===)o(==)o
(==)o(==)o(==)o(===)o(==)o(==)o(==)o(==)o(===)o(==)o(==)o(==)o(==)o
(===)o(>|)596 4936 y Fm(Figure)24 b(12:)29 b(Sender)n(-Initiated)f
(Fire)n(w)o(all)23 b(Signaling)i(only)g(at)e(the)h(Access)g(Netw)o(ork)
0 5656 y Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g(Aoun)727
b Fm(Expires)25 b(September)f(2003)728 b([P)o(age)24
b(29])p eop
%%Page: 30 30
30 29 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)141
399 y(W)l(ith)f(the)g(initial)i(C)t Fd(R)t(E)t(A)l(T)t(E)i
Fm(message)c(Host)g(A)e(already)j(supplies)h(pack)o(et)f(\002lter)e
(information)j(for)d(the)h(bi-directional)0 511 y(reserv)n(ation)28
b(\(i.e.)k(the)27 b(C)t Fd(R)t(E)t(A)l(T)t(E)i Fm(message)d(by)f(Host)f
(A)g(is)h(follo)n(wed)h(by)e(another)29 b(C)t Fd(R)t(E)t(A)l(T)t(E)g
Fm(message)d(from)f(FW)e(1\).)32 b(T)-7 b(o)0 624 y(k)o(ept)24
b(the)h(C)t Fd(R)t(E)t(A)l(T)t(E)i Fm(signaling)f(message)e(within)f
(the)h(local)g(access)g(netw)o(ork)g(scoping)h(is)e(used.)29
b(Indicating)d(a)d(particular)0 737 y(IP)c(address)j(might)f(also)g(be)
f(possible)j(b)n(ut)d(often)i(the)e(endpoint)j(is)d(unkno)n(wn)i(to)e
(the)g(end)h(host.)28 b(As)20 b(a)g(result)h(of)f(successful)0
850 y(processing)27 b(a)e(C)t Fd(R)t(E)t(A)l(T)t(E)i
Fm(message)e(is)e(returned)j(in)d(response)j(with)e(the)f(already)j
(pro)o(vided)f(pack)o(et)g(\002lter)-5 b(.)141 963 y(Optionally)36
b(an)e(end-to-end)j(message)e(communication)h(might)f(follo)n(w)f(to)g
(transmit)h(pack)o(et)g(\002lter)f(information)0 1076
y(from)23 b(Host)g(A)f(to)h(Host)g(B.)e(In)i(most)g(cases)h(some)f
(communication)j(is)d(ho)n(we)n(v)o(er)g(required.)31
b(Similar)23 b(as)g(in)f(Netw)o(ork)i(A)e(a)2 1189 y(C)t
Fd(R)t(E)t(A)l(T)t(E)28 b Fm(message)c(is)g(initiated)h(by)f(the)g(end)
g(host)g(with)f(the)h(Ne)o(xt)f(object)i(set)f(to)f(another)28
b(C)t Fd(R)t(E)t(A)l(T)t(E)f Fm(message.)141 1302 y(Finally)e(if)f(e)n
(v)o(erything)j(w)o(as)c(successful)k(data)e(can)g(be)f(e)o(xchanged)i
(in)f(both)f(directions)j(on)e(port)f(5001)p Fb(<)k Fc(\000)p
Fm(601)d(and)0 1415 y(a)e(5000)p Fc(\000)k Fb(>)p Fm(600.)0
1664 y Fj(10.7)99 b(Sender)l(-Initiated)28 b(N)n(A)-9
b(T)24 b(and)i(Fir)n(ewall)e(T)-7 b(ra)n(v)o(ersal)24
b(within)h(the)h(Access)f(Netw)o(ork)0 1838 y Fm(The)31
b(message)i(\003o)n(w)d(described)k(in)d(Figure)h(13)f(e)o(xtends)i
(the)f(description)j(in)c(Figure)h(12)g(by)f(using)i(a)e
(uni-directional)0 1951 y(signaling)23 b(e)o(xchange.)29
b(As)20 b(a)g(consequence)k(of)c(this)g(e)o(xtension)j(a)f(T)t
Fd(R)t(I)t(G)t(G)t(E)t(R)h Fm(message)e(is)f(required)j(to)d(cause)h(a)
f(do)n(wnlink)0 2064 y(signaling)30 b(message)e(to)f(be)h(sent)f
(within)h(Netw)o(ork)g(B.)d(In)j(order)g(to)f(a)n(v)n(oid)i(this)e
(message)i(Netw)o(ork)e(B)g(could)h(intercept)0 2177
y(the)h(end-to-end)j(message)e(e)o(xchange)h(to)e(trigger)h(a)f
(signaling)i(message)f(to)f(Host)f(B.)g(Ho)n(we)n(v)o(er)g(this)i
(approach)h(might)0 2290 y(suf)n(fer)24 b(from)g(the)g(problem)g(to)g
(be)f(able)i(to)e(read)h(and)g(e)n(v)n(aluate)h(end-to-end)i(signaling)
f(messages.)141 2403 y(In)i(addition,)k(a)c(N)m(A)-10
b(T)26 b(de)n(vice)j(is)f(used)i(in)e(Netw)o(ork)h(A)e(which)h
(requires)j(Host)d(A)f(to)h(request)i(a)e(N)m(A)-10 b(T)26
b(binding)31 b(and)0 2516 y(the)c(corresponding)k(N)m(A)-10
b(T)i(-Object)26 b(which)h(is)g(then)h(communicated)h(to)e(Host)g(B.)e
(Using)i(the)h(pack)o(et)g(\002lter)f(information)0 2629
y(inside)21 b(the)f(N)m(A)-10 b(T)i(-Object)19 b(Host)h(B)f(learns)i
(the)f(public)h(IP)e(address)j(and)e(port)g(information)j(of)c(the)i
(data)f(traf)n(\002c)g(transmitted)0 2741 y(by)k(Host)f(A.)141
2854 y(The)31 b(access)i(netw)o(ork)g(signaling)h(message)f(e)o
(xchange)h(requires)f(some)f(topology)i(information)g(as)d(e)o
(xplained)j(in)0 2967 y(pre)n(vious)i(\002gures.)61 b(The)35
b(T)t Fd(R)t(I)t(G)t(G)t(E)t(R)i Fm(message)f(must)e(cause)h(a)e(do)n
(wnlink)j(signaling)g(message)f(to)f(be)g(initiated)j(by)d(a)0
3080 y(netw)o(ork)21 b(de)n(vice)g(which)f(where)g(the)g(data)h(traf)n
(\002c)e(of)h(Host)g(A)e(is)i(sent)g(through.)30 b(This)20
b(particular)i(issue)f(will)e(be)h(e)o(xplained)0 3193
y(in)j(more)h(detail)h(in)e(a)g(future)i(v)o(ersion)g(of)f(the)f
(document.)141 3306 y(A)j(e)n(v)o(en)g(more)h(dif)n(\002cult)g(e)o
(xample)h(w)o(ould)f(address)h(a)e(topology)j(where)e(each)h(netw)o
(ork)f(is)g(equipped)i(with)d(a)g(N)m(A)-10 b(T)j(.)0
3419 y(The)20 b(same)h(is)f(true)i(for)e(pack)o(et)j(\002lter)d
(installation)k(for)d(data)g(traf)n(\002c)g(\003o)n(wing)f(in)h(both)g
(directions)j(with)c(one)h(or)g(tw)o(o)f(N)m(A)-10 b(Ts.)0
5656 y Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g(Aoun)727
b Fm(Expires)25 b(September)f(2003)728 b([P)o(age)24
b(30])p eop
%%Page: 31 31
31 30 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)109
745 y Fe(+--------------)o(--)o(--)o(---)o(--)o(--)o(--)o(--)o(-+)430
b(+--------------)o(--)o(--)o(--)o(--)o(---)o(--)o(--)o(+)109
858 y(|)54 b(+------+)651 b(+------+)51 b(|)436 b(|)54
b(+------+)487 b(+--------+)50 b(|)109 971 y(|)k(|Host)e(A|)109
b(Network)160 b(|)54 b(NAT)f(1|)h(|)436 b(|)54 b(|)g(FW)g(2)g(|)g
(Network)d(|)j(Host)f(B)h(|)g(|)109 1084 y(|)g(+--+---+)269
b(A)327 b(+--+---+)51 b(|)436 b(|)54 b(+--+---+)215 b(B)i(+---+----+)50
b(|)109 1197 y(+-+--+---------)o(--)o(--)o(---)o(--)o(-+)o(--)o(--)o
(-+)430 b(+----+---------)o(--)o(--)o(--)o(--)o(+--)o(--)o(+-)o(+)218
1310 y(|Create\(PF=)650 b(|)1036 b(|)1199 b(|)218 1423
y(|\(src=192.168.1)o(.5)o(,)267 b(|)1036 b(|)1199 b(|)218
1535 y(|)54 b(dst=17.12.23.5,)321 b(|)1036 b(|)1199 b(|)218
1648 y(|)54 b(sport=5000,)541 b(|)1036 b(|)1199 b(|)218
1761 y(|)54 b(dport=600\);)541 b(|)1036 b(|)1199 b(|)218
1874 y(|)54 b(Scope=NetworkA\))321 b(|)1036 b(|)1199
b(|)218 1987 y(|--------------)o(--)o(---)o(--)o(>|)1030
b(|)1199 b(|)218 2100 y(|Response\()705 b(|)1036 b(|)1199
b(|)218 2213 y(|NAT-Object=)595 b(|)1036 b(|)1199 b(|)218
2326 y(|\(src=139.23.20)o(3.)o(30,)157 b(|)1036 b(|)1199
b(|)218 2439 y(|)54 b(dst=17.12.23.5,)321 b(|)1036 b(|)1199
b(|)218 2552 y(|)54 b(sport=8000,)541 b(|)1036 b(|)1199
b(|)218 2665 y(|)54 b(dport=600\)\))541 b(|)163 b(End-to-End)323
b(|)1199 b(|)218 2777 y(|<-------------)o(--)o(---)o(--)o(-|)102
b(Communication)213 b(|)1199 b(|)218 2890 y(|)h(|)108
b(\(NAT-Object\))268 b(|)1199 b(|)218 3003 y(|<-------------)o(--)o
(---)o(--)o(--)o(--)o(--)o(---)o(--)o(--)o(--)o(--)o(---)o(--)o(--)o
(--)o(--)o(---)o(--)o(--)o(--)o(--)o(---)o(->)o(|)218
3116 y(|)h(|)1036 b(|Trigger\(PF=)594 b(|)218 3229 y(|)1200
b(|)1036 b(|\(src=139.23.2)o(05)o(.3)o(0,)157 b(|)218
3342 y(|)1200 b(|)1036 b(|)54 b(dst=17.12.23.5)o(,)321
b(|)218 3455 y(|)1200 b(|)1036 b(|)54 b(sport=8000,)540
b(|)218 3568 y(|)1200 b(|)1036 b(|)54 b(dport=600\);)540
b(|)218 3681 y(|)1200 b(|)1036 b(|)54 b(Scope=NetworkB)o(\))321
b(|)218 3794 y(|)1200 b(|)1036 b(|<------------)o(--)o(--)o(---)o(--)o
(|)218 3907 y(|)1200 b(|)1036 b(|Create\(PF=)649 b(|)218
4019 y(|)1200 b(|)1036 b(|\(src=139.23.2)o(05)o(.3)o(0,)157
b(|)218 4132 y(|)1200 b(|)1036 b(|)54 b(dst=17.12.23.5)o(,)321
b(|)218 4245 y(|)1200 b(|)1036 b(|)54 b(sport=8000,)540
b(|)218 4358 y(|)1200 b(|)1036 b(|)54 b(dport=600\)\))540
b(|)218 4471 y(|)1200 b(|)1036 b(|-------------)o(--)o(--)o(---)o(->)o
(|)218 4584 y(|)g(Data)53 b(Traffic)e(\(uni-directiona)o(l\))866
b(|)218 4697 y(|==============)o(==)o(===)o(==)o(==)o(==)o(==)o(===)o
(==)o(==)o(==)o(==)o(===)o(==)o(==)o(==)o(==)o(===)o(==)o(==)o(==)o(==)
o(===)o(=>)o(|)435 4992 y Fm(Figure)24 b(13:)30 b(Sender)n(-Initiated)d
(N)m(A)-10 b(T)21 b(and)j(Fire)n(w)o(all)g(T)m(ra)n(v)o(ersal)h(within)
f(the)g(Access)g(Netw)o(ork)0 5656 y Fl(H.)18 b(Tschofenig,)i(H.)e
(Schulzrinne,)h(C.)g(Aoun)727 b Fm(Expires)25 b(September)f(2003)728
b([P)o(age)24 b(31])p eop
%%Page: 32 32
32 31 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)0
399 y Fk(11)119 b(Security)31 b(Considerations)0 606
y Fm(Installing)g(pack)o(et)f(\002lters)f(to)f(one)h(or)f(more)g
(\002re)n(w)o(alls)h(is)f(a)g(security)i(sensiti)n(v)o(e)h(process.)45
b(Security)29 b(protection)i(of)e(sig-)0 718 y(naling)d(messages)f(is)f
(necessary)j(in)d(order)h(to)f(defeat)i(a)e(number)h(of)f(threats.)32
b(This)24 b(section)i(gi)n(v)o(es)e(a)g(brief)h(discussion)i(of)0
831 y(possible)f(threats)f(and)f(addresses)i(their)e(corresponding)k
(countermeasures.)0 1081 y Fj(11.1)99 b(Thr)n(eats)0
1255 y Ff(Denial)23 b(of)h(Ser)o(vice:)75 b Fm(Denial)25
b(of)g(service)h(attacks)g(can)f(be)g(launched)h(by)f(modifying)h
(messages)h(used)e(during)h(the)f(dis-)227 1368 y(co)o(v)o(ery)h
(process.)35 b(A)24 b(client)i(could)g(then)g(be)f(forced)h(to)f
(contact)i(a)d(\224wrong\224)j(\002re)n(w)o(all)d(which)i(is)e(outside)
j(the)f(data)227 1481 y(path.)61 b(Furthermore)35 b(it)e(is)h(possible)
i(to)e(\003ood)g(a)f(\002re)n(w)o(all)h(with)f(bogus)i(request)h(and)e
(thereby)i(cause)f(massi)n(v)o(e)227 1594 y(state)30
b(and)e(computational)k(resources)f(to)d(be)h(allocated)i(as)d(part)h
(of)f(the)h(k)o(e)o(y)g(e)o(xchange)h(process.)46 b(Furthermore)227
1706 y(an)27 b(adv)o(ersary)j(can)d(modify)i(the)e(pack)o(et)i
(\002lter)e(of)g(a)g(request)i(to)e(cause)h(a)f(lar)n(ge)i(number)f(of)
f(pack)o(et)i(\002lters)e(to)g(be)227 1819 y(allocated.)k(An)23
b(adv)o(ersary)i(might)f(also)g(remo)o(v)o(e)f(administrator)j
(installed)g(pack)o(et)f(\002lters)e(which)h(are)f(not)h(related)227
1932 y(to)g(pre)n(vious)h(pack)o(et)g(\002lter)f(installations)j(by)d
(users.)0 2120 y Ff(Man-in-the-Middle:)74 b Fm(MITM)18
b(attacks)j(are)e(possible)i(during)g(the)e(disco)o(v)o(ery)i(process)g
(where)e(the)h(entity)g(of)f(a)f(\002re)n(w)o(all)227
2233 y(is)28 b(disco)o(v)o(ered.)43 b(In)27 b(this)h(case)g(the)g(user)
g(might)g(be)g(con)l(vinced)j(to)c(communicate)j(with)d(a)g(\002re)n(w)
o(all)h(which)f(is)h(not)227 2346 y(the)f(case.)39 b(Man)o(y)26
b(of)g(these)i(attacks)g(are)f(related)h(to)e(the)h(disco)o(v)o(ery)i
(mechanism)f(and)f(therefore)h(also)g(described)227 2459
y(in)e([1)q(].)35 b(Further)27 b(threats)g(which)f(are)h(not)f
(speci\002c)h(to)e(the)i(scout)g(mechanism)g(b)n(ut)f(also)h(related)g
(to)f(the)g(ne)o(xt-hop)227 2572 y(disco)o(v)o(ery)k(mechanism)g
(require)g(further)f(in)l(v)o(estigation)j(\(such)d(as)g(SLP)-10
b(,)25 b(DHCP)-10 b(,)26 b(DNS,)g(etc.\).)42 b(The)28
b(authors)i(of)227 2684 y(some)25 b(of)f(these)h(con\002guration)j
(mechanisms)e(ha)n(v)o(e)e(already)j(identi\002ed)e(potential)i
(vulnerabilities)i(and)c(pro)o(vide)227 2797 y(the)f(corresponding)k
(security)d(protection.)0 2985 y Ff(Ea)n(v)o(esdr)n(opping:)75
b Fm(An)28 b(ea)n(v)o(esdropper)33 b(might)c(be)f(able)i(to)e(learn)i
(some)f(installed)i(pack)o(et)f(\002lters)f(by)g(listening)i(to)e(the)
227 3098 y(signaling)23 b(message)f(communication)h(between)e(a)f
(client)h(and)g(a)f(\002re)n(w)o(all.)27 b(Furthermore)22
b(it)e(might)h(be)f(possible)i(to)227 3211 y(learn)27
b(an)g(e)o(xchanged)h(authorization)j(tok)o(ens)c(between)h(the)e(tw)o
(o)g(entities)i(or)e(between)i(entities)g(along)f(the)g(path.)227
3324 y(Since)f(the)f(session)i(identi\002er)g(is)e(used)g(to)h
(uniquely)h(identify)g(state)f(established)i(along)f(entities)g(along)f
(the)f(path)227 3437 y(an)f(adv)o(ersary)i(might)d(reuse)i(this)f
(identi\002er)h(to)f(refer)g(to)f(e)o(xisting)j(state)e(information.)0
3624 y Ff(Integrity)h(V)m(iolation:)75 b Fm(By)33 b(modifying)j(a)d
(request)i(message,)i(an)d(adv)o(ersary)h(can)f(delete)h(installed)h
(\002re)n(w)o(all)d(\002lters,)227 3737 y(install)25
b(\002lters)f(using)h(a)e(dif)n(ferent)i(authorization)j(identity)d(or)
f(to)f(create)i(\002lters)f(with)f(a)g(lar)n(ge)i(lifetime.)0
3925 y Ff(Masquerading:)75 b Fm(An)25 b(adv)o(ersary)k(might)e(gain)f
(information)j(by)e(querying)h(installed)h(pack)o(et)f(\002lters)f(at)f
(a)g(\002re)n(w)o(all)g(by)227 4038 y(masquerading)h(the)d(identify)h
(of)f(a)f(real)h(user)-5 b(.)29 b(This)24 b(might)g(be)f(used)h(for)g
(subsequent)j(attacks.)0 4225 y Ff(Rogue)c(Fir)n(ewall:)76
b Fm(An)30 b(adv)o(ersary)k(at)d(a)h(compromised)h(\002re)n(w)o(all)e
(might)h(e)o(xploit)h(an)f(e)o(xisting)h(trust)f(relationship)j(to)227
4338 y(install)h(or)e(remo)o(v)o(e)h(\002lters)f(at)h(other)g(\002re)n
(w)o(alls.)61 b(Furthermore)36 b(it)e(is)g(possible)j(to)d(return)i(a)e
(N)m(A)-10 b(T)32 b(object)j(with)227 4451 y(wrong)24
b(information)i(causing)g(subsequent)g(data)f(traf)n(\002c)e(to)h(be)f
(send)i(to)e(an)h(arbitrary)h(location.)0 4639 y Ff(Unauthorized)e
(Access:)75 b Fm(A)28 b(re)o(gular)i(user)f(might)g(install)h(\002re)n
(w)o(all)e(\002lters)h(although)i(he)e(is)f(not)h(allo)n(wed)h(because)
g(of)227 4752 y(missing)c(authorization.)37 b(Administrators)28
b(are)d(usually)i(v)o(ery)e(concerned)j(about)e(installing)i(pack)o(et)
e(\002lters)f(from)227 4865 y(users)g(access)g(from)e(an)h(e)o(xternal)
h(netw)o(ork.)0 5052 y Ff(Replay)e(Attacks:)75 b Fm(An)33
b(adv)o(ersary)i(might)e(ea)n(v)o(esdrop)j(CASP-N)m(A)-10
b(TFW)28 b(signaling)36 b(messages)f(and)e(use)g(them)g(later)227
5165 y(for)25 b(a)f(replay)i(attack.)34 b(Furthermore)26
b(an)f(adv)o(ersary)h(might)f(be)g(able)g(to)g(collect)h(authorization)
j(tok)o(ens)d(and)f(reuse)227 5278 y(them)f(in)f(a)g(dif)n(ferent)j
(conte)o(xt)f(or)e(later)i(in)e(time)g(to)h(open)g(holes)h(into)f(a)f
(\002re)n(w)o(all.)0 5656 y Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)
h(C.)g(Aoun)727 b Fm(Expires)25 b(September)f(2003)728
b([P)o(age)24 b(32])p eop
%%Page: 33 33
33 32 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)0
399 y Ff(Pri)o(v)o(acy)i(V)m(iolation:)75 b Fm(Adv)o(ersaries)34
b(can)e(learn)h(about)g(the)f(NI)e(and)j(NR')-5 b(s)30
b(identities)35 b(participating)g(in)d(the)g(message)227
511 y(e)o(xchange)c(by)f(ea)n(v)o(esdropping)j(information)f(e)o
(xchanged)f(between)f(the)g(tw)o(o)f(end-systems.)39
b(Especially)28 b(autho-)227 624 y(rization)h(tok)o(ens)g(e)o(xchanged)
g(between)f(end-systems)i(outside)e(the)g(CASP)c(protocol)29
b(\(as)e(e)o(xplained)i(in)e(Section)227 737 y(4.4\))d(represent)i(a)d
(vulnerability)-6 b(.)0 986 y Fj(11.2)99 b(Countermeasur)n(es)0
1161 y Fm(T)-7 b(o)22 b(pre)n(v)o(ent)j(the)f(abo)o(v)o(e-listed)i
(attacks)g(a)d(number)h(of)g(countermeasures)j(are)d(tak)o(en:)0
1373 y Ff(Denial)f(of)h(Ser)o(vice:)75 b Fm(T)-7 b(o)31
b(limit)h(denial)h(of)f(service)h(attacks)h(a)d(number)i(of)e
(countermeasure)36 b(were)c(tak)o(en.)54 b(First)32 b(the)227
1486 y(scout)26 b(protocol)h(\(and)f(other)g(con\002guration)i
(mechanisms\))f(e)o(xperience)g(some)e(protection)j(to)d(pre)n(v)o(ent)
h(basic)g(at-)227 1599 y(tacks.)k(Furthermore)24 b(it)e(is)g(necessary)
j(to)d(mutually)i(authenticate)i(and)d(authorize)i(both)e(peers)g
(after)h(establishing)227 1712 y(a)31 b(transport)j(layer)f(connection)
i(as)c(described)j(in)e([1].)53 b(Since)32 b(the)f(authentication)36
b(and)c(k)o(e)o(y)g(e)o(xchange)i(proto-)227 1825 y(col)27
b(requires)i(state)f(and)f(computational)j(resources)f(it)d(has)h(to)g
(be)g(resistant)i(against)f(denial)g(of)e(service)j(attacks.)227
1938 y(When)20 b(transmitting)i(CASP-N)m(A)-10 b(TFW)15
b(speci\002c)20 b(information)i(protection)g(of)d(the)h(requests)h
(itself)f(is)f(necessary)j(to)227 2051 y(pre)n(v)o(ent)j(an)f(adv)o
(ersary)h(from)f(object)h(modi\002cation)g(which)f(otherwise)h(w)o
(ould)f(cause)h(unpredictable)i(beha)n(vior)-5 b(.)0
2238 y Ff(Man-in-the-Middle:)74 b Fm(MITM)37 b(attacks)i(during)g(the)f
(disco)o(v)o(ery)i(phase)f(are)f(pre)n(v)o(ented)h(by)f(secure)h
(con\002guration)227 2351 y(mechanisms.)49 b(The)29 b(scout)i(protocol)
h(e)o(xperiences)h(limited)d(security)i(protection)h(by)d(its)f
(nature.)49 b(Ho)n(we)n(v)o(er)29 b(an)227 2464 y(authentication)37
b(and)32 b(authorization)37 b(step)32 b(is)g(required)j(after)e
(learning)h(the)f(identity)h(of)e(the)g(ne)o(xt)h(CASP)d(peer)-5
b(.)227 2577 y(MITM)23 b(adv)o(ersaries)j(will)d(e)o(xperience)k(dif)n
(\002culties)e(launching)i(a)c(successful)j(attack)f(after)g(transport)
h(layer)e(con-)227 2690 y(nection)i(establishment)g(because)g(of)d(the)
h(signaling)i(message)f(protection.)0 2878 y Ff(Ea)n(v)o(esdr)n
(opping:)75 b Fm(Ea)n(v)o(esdropping)35 b(of)c(signaling)i(messages)g
(is)e(pre)n(v)o(ented)i(by)e(using)h(either)h(IPSec)d(ESP)f(\(without)
227 2990 y(NULL)17 b(encryption\))22 b(or)c(by)h(using)h(TLS)d(\(with)i
(encryption)j(cipher)n(-suites\).)31 b(It)19 b(is)f(therefore)j(not)f
(possible)h(to)d(learn)227 3103 y(authorization)31 b(tok)o(ens,)d
(session)g(identi\002ers)g(or)e(other)i(\002re)n(w)o(all)e(pack)o(et)i
(\002lter)e(speci\002c)h(information)i(that)e(might)227
3216 y(be)d(useful)h(for)f(an)g(adv)o(ersary)i(ea)n(v)o(esdropping)j
(on)24 b(for)g(e)o(xample)g(a)g(wireless)h(link.)30 b(W)l(ith)24
b(the)h(suggested)h(security)227 3329 y(protection)35
b(ea)n(v)o(esdropping)g(is)d(therefore)i(only)e(possible)i(at)d(CASP-N)
m(A)-10 b(TFW)28 b(a)o(w)o(are)j(nodes)i(participating)i(in)227
3442 y(the)30 b(signaling)h(message)f(e)o(xchange.)48
b(This)28 b(is,)i(ho)n(we)n(v)o(er)l(,)h(intentional)h(and)e(required)h
(for)e(the)g(operation)j(of)d(the)227 3555 y(protocol.)0
3743 y Ff(Integrity)c(V)m(iolation:)75 b Fm(Modifying)27
b(the)e(content)h(of)f(signaling)i(pack)o(ets)g(is)d(pre)n(v)o(ented)j
(by)d(either)i(IPSec)e(or)h(TLS.)d(Ex-)227 3856 y(changed)37
b(information)h(thereby)f(e)o(xperiences)h(both)e(con\002dentiality)i
(as)e(well)e(as)h(inte)o(grity)i(protection.)67 b(The)227
3968 y(usage)25 b(of)e(inte)o(grity)j(protection)g(with)e(IPSec)e(ESP)g
(is)h(strongly)j(recommended.)0 4156 y Ff(Masquerading:)75
b Fm(Spoo\002ng)33 b(an)h(identity)h(to)e(be)g(able)h(to)f(delete)i(or)
e(query)h(installed)i(pack)o(et)f(\002lter)e(information)i(is)227
4269 y(pre)n(v)o(ented)e(by)e(authentication)k(of)c(the)g(originator)i
(\(i.e.)50 b(data)32 b(origin)g(authentication\))j(of)c(transmitted)i
(signal-)227 4382 y(ing)h(messages.)58 b(F)o(or)32 b(the)h
(establishment)j(of)d(the)g(required)i(security)g(associations)i
(mutual)c(authentication)k(is)227 4495 y(assumed.)0 4682
y Ff(Rogue)23 b(CASP-N)n(A)-9 b(TFW)20 b(Node:)74 b Fm(Fire)n(w)o(alls)
31 b(are)g(security)h(sensiti)n(v)o(e)h(netw)o(ork)e(de)n(vices.)51
b(An)30 b(adv)o(ersary)j(can)e(use)g(a)227 4795 y(compromised)21
b(\002re)n(w)o(all)e(in)g(a)f(number)i(of)f(w)o(ays.)27
b(T)-7 b(o)18 b(pre)n(v)o(ent)i(a)f(compromised)i(\002re)n(w)o(all)e
(to)f(harm)h(other)h(\002re)n(w)o(alls,)227 4908 y(trust)j(might)f(be)g
(limited)h(and)g(strong)g(v)o(eri\002cation)h(of)e(request)i(might)e
(be)g(required.)31 b(In)21 b(case)i(of)f(missing)h(peer)n(-to-)227
5021 y(peer)d(trust)h(relationships)i(more)d(sophisticated)j(protocol)f
(handling)g(\(as)e(described)i(in)d(4.3)h(and)g(4.4\))f(is)h(necessary)
-6 b(.)227 5134 y(Such)23 b(a)f(handling)j(mak)o(es)e(it)f(more)g(dif)n
(\002cult)h(for)g(an)f(adv)o(ersary)j(to)d(perform)i(a)e(successful)j
(attack.)30 b(Note)22 b(that)h(an)o(y)227 5247 y(malicious)g(CASP-N)m
(A)-10 b(TFW)16 b(\(or)21 b(CASP)d(node)k(in)e(general\))j(can)e
(impact)g(the)g(security)i(of)d(other)i(entities)g(\(not)g(just)227
5360 y(\002re)n(w)o(alls\).)0 5656 y Fl(H.)c(Tschofenig,)i(H.)e
(Schulzrinne,)h(C.)g(Aoun)727 b Fm(Expires)25 b(September)f(2003)728
b([P)o(age)24 b(33])p eop
%%Page: 34 34
34 33 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)0
399 y Ff(Unauthorized)g(Access:)75 b Fm(Dif)n(ferentiation)26
b(of)c(access)h(rights)g(between)g(v)n(arious)h(users)f(and)g(user)n
(-groups)i(is)d(common.)227 511 y(The)f(same)h(type)g(of)g
(authorization)j(mechanisms)e(based)g(on)f(access)g(control)i(lists)e
(can)g(be)f(applied.)30 b(If)21 b(authoriza-)227 624
y(tion)26 b(tok)o(ens)g(are)f(used)h(then)f(additionally)j(a)d(locally)
h(kno)n(wn)f(user)h(must)e(be)h(able)g(to)g(request)i(such)e(a)f(tok)o
(en.)34 b(F)o(or)227 737 y(the)24 b(trust)g(relationship)j(described)f
(in)d(4.3)h(one)f(administrati)n(v)o(e)k(domain)d(must)f(ha)n(v)o(e)h
(a)f(pre-established)28 b(security)227 850 y(association.)54
b(The)30 b(establishment)k(of)c(such)i(this)f(security)i(association)h
(is)c(usually)j(bound)f(to)e(speci\002c)i(access)227
963 y(control)26 b(rights.)0 1151 y Ff(Pri)o(v)o(acy)f(V)m(iolation:)75
b Fm(Encryption)30 b(of)f(information)h(about)g(user)f(identities)i
(contained)g(in)d(authorization)k(tok)o(en)e(pre-)227
1264 y(v)o(ents)e(an)f(adv)o(ersary)i(from)e(obtaining)j(user)d
(speci\002c)h(information.)42 b(Currently)28 b(only)g(a)f(k)o(e)o(yed)h
(message)g(digest)227 1377 y(function)h(\(HMA)l(C\))24
b(is)i(pro)o(vided)i(to)e(protect)i(the)e(authorization)k(tok)o(en)e
(content)f(against)h(modi\002cation.)38 b(Either)227
1489 y(a)27 b(custom)h(mechanisms)h(for)f(encrypting)i(some)e(tok)o(en)
g(parts)g(or)g(CMS)d(encryption)30 b(could)f(be)e(used)h(to)g(pro)o
(vide)227 1602 y(the)c(necessary)i(protection.)32 b(Further)24
b(in)l(v)o(estigation)j(is)c(required.)141 1815 y(Linking)k
(authorization)j(between)d(dif)n(ferent)h(protocols,)h(to)d(strict)h
(polic)o(y)g(rule)g(creation)h(by)e(the)g(end)h(host,)g(is)e(pos-)0
1928 y(sible)j(with)g(authorization)j(tok)o(ens)e(which)f(contain)h
(information)h(about)f(the)f(application,)j(polic)o(y)e(rule,)f
(authorization)0 2041 y(decision,)33 b(lifetime,)e(etc.)46
b(An)29 b(authorization)k(tok)o(en)d(can)g(be)f(based)i(on)e(CMS)e(or)i
(on)h(a)f(custom)h(security)h(mechanism)0 2154 y(such)24
b(as)g(de\002ned)g(in)g([10)q(,)e(11)q(].)141 2267 y(T)-7
b(o)30 b(summarize:)46 b(CASP)29 b(uses)j(security)h(mechanisms)g
(described)h(in)d([1)q(].)52 b(Securing)32 b(the)g(messaging)h(layer)f
(in)g(a)0 2379 y(CASP-peer)24 b(to)i(CASP-peer)e(f)o(ashion)j(is)e(pro)
o(vided)i(either)g(by)e(IPsec)g(or)h(by)f(TLS.)e(In)i(some)g(cases)h
(security)h(protection)0 2492 y(between)g(neighboring)j(peers)d(is)f
(not)g(suf)n(\002cient.)37 b(Non)26 b(peer)n(-to-peer)k(protection)f
(of)c(client)j(layer)f(objects)g(is)f(pro)o(vided)0 2605
y(by)c(CMS)f(which)h(allo)n(ws)g(CASP-N)m(A)-10 b(TFW)18
b(objects)24 b(de\002ned)f(in)f(this)h(document)h(to)e(be)g
(encapsulated)k(and)c(protected)j(by)0 2718 y(CMS.)0
3011 y Fk(12)119 b(Conclusion)0 3218 y Fm(CASP-N)m(A)-10
b(TFW)29 b(aims)k(to)g(pro)o(vide)h(a)f(long-term)i(solution)g(to)e
(communicate)i(with)e(N)m(A)-10 b(Ts)31 b(and)j(Fire)n(w)o(alls)f(with)
g(the)0 3331 y(follo)n(wing)25 b(properties:)0 3543 y
Ff(Routing)e(of)g(Signaling)h(Messages:)76 b Fm(CASP)28
b(with)i(its)g(scout)h(disco)o(v)o(ery)g(mechanisms)h(allo)n(ws)e
(signaling)j(messages)227 3656 y(to)23 b(follo)n(w)g(the)g(path)g(of)g
(the)g(data)g(traf)n(\002c)g(to)n(w)o(ards)g(a)g(destination.)31
b(This)23 b(assumes)h(that)f(standard)i(routing)f(is)f(used.)227
3769 y(CASP)-10 b(,)27 b(ho)n(we)n(v)o(er)l(,)j(operates)i(independent)
g(of)d(the)h(underlying)i(routing)f(mechanism.)46 b(Route)30
b(changes)h(can)e(be)227 3882 y(detected)37 b(by)f(the)f(scout)h
(protocol)h(and)f(signaling)h(message)g(transmission)g(is)e(adopted)i
(accordingly)-6 b(.)67 b(Other)227 3995 y(mechanisms)25
b(for)f(detecting)i(route)f(changes)g(can)f(also)g(be)g(used)g(such)h
(as)e(routing)i(protocols.)0 4182 y Ff(Security)f(Pr)n(otection:)76
b Fm(Creating)24 b(holes)f(into)g(a)f(\002re)n(w)o(all)h(is)f(a)g
(sensiti)n(v)o(e)i(task)f(that)g(requires)h(trust)g(and)f(an)f
(appropriate)227 4295 y(security)32 b(protection)h(of)d(the)g
(signaling)i(messages)g(in)e(order)g(to)g(be)g(successful.)51
b(T)m(rust)29 b(assumptions)k(between)227 4408 y(the)e(participating)j
(entities)e(thereby)h(determine)f(whether)f(the)g(task)g(of)f
(installing)k(pack)o(et)d(\002lters)g(at)f(a)g(\002re)n(w)o(all)227
4521 y(is)d(possible)i(at)d(all.)38 b(CASP-N)m(A)-10
b(TFW)23 b(thereby)28 b(reuses)g(the)f(security)i(mechanisms)f
(introduced)i(by)d(CASP)-10 b(.)23 b(Still)227 4634 y(some)30
b(additional)i(security)f(mechanisms)g(described)h(in)e(this)g
(document)h(ha)n(v)o(e)f(to)f(be)g(used)i(to)e(pro)o(vide)i(secure)227
4747 y(protocol)26 b(operation.)0 4935 y Ff(Flexibility)f(in)d(Message)
j(Deli)o(v)o(ery:)76 b Fm(Signaling)37 b(messages)g(can)e(be)h
(triggered)h(by)e(an)o(y)g(node)h(along)h(the)e(path.)64
b(In)227 5048 y(most)24 b(cases,)h(ho)n(we)n(v)o(er)l(,)g(it)f(is)g
(the)g(responsibility)k(of)c(the)h(signaling)h(message)f(initiator)i
(\(typically)f(the)f(end)f(host\))227 5160 y(to)35 b(pro)o(vide)g(the)g
(necessary)i(information)g(polic)o(y)e(rules)g(install.)63
b(CASP)32 b(messages)j(might)g(terminate)h(at)e(an)o(y)227
5273 y(CASP)22 b(peer)j(along)h(the)e(path.)32 b(Hence)25
b(it)f(is)g(not)g(necessary)j(to)e(forw)o(ard)g(the)f(messages)i(to)f
(the)f(\002nal)g(destination.)227 5386 y(The)33 b(decision)i(whether)f
(to)f(furthermore)j(forw)o(ard)e(the)f(signaling)j(message)e(to)n(w)o
(ard)g(the)f(destination)k(can)c(be)0 5656 y Fl(H.)18
b(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g(Aoun)727 b Fm(Expires)25
b(September)f(2003)728 b([P)o(age)24 b(34])p eop
%%Page: 35 35
35 34 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)227
399 y(caused)j(by)e(the)h(initiator)h(\(by)e(including)j(CASP)22
b(speci\002c)j(information\))i(or)d(the)g(decision)j(could)e(also)g(be)
f(forced)227 511 y(for)31 b(e)o(xample)g(by)f(a)g(non)h(CASP-a)o(w)o
(are)e(\002re)n(w)o(all.)49 b(Such)30 b(a)g(de)n(vice)i(might)f(not)f
(forw)o(ard)i(CASP)c(message.)50 b(An)227 624 y(e)o(xample)28
b(is)e(an)h(authorization)k(f)o(ailure)d(generated)h(because)g(of)e
(lacking)h(trust)g(\(and)f(proper)h(credentials)i(by)d(the)227
737 y(signaling)f(initiator\).)0 925 y Ff(Err)n(or)e(Resilience:)76
b Fm(CASP)21 b(w)o(as)j(designed)i(based)f(on)f(the)g(soft-state)i
(principle)g(to)e(allo)n(w)g(orphan)h(states)g(to)f(time-out)227
1038 y(automatically)-6 b(.)0 1225 y Ff(End)21 b(Host)j(T)-8
b(opology)24 b(Unawar)n(eness:)75 b Fm(Routing)30 b(signaling)h
(messages)f(along)f(the)g(data)g(path)g(allo)n(ws)f(CASP)e(a)o(w)o(are)
227 1338 y(nodes)f(to)e(re\003ect)g(topology)j(information)g(into)e
(the)f(processing)j(of)d(CASP)e(signaling)26 b(messages.)k(Processing)
25 b(of)227 1451 y(Filters)31 b(is)f(an)g(e)o(xample)h(where)g(local)g
(topology)i(and)d(protocol)j(information)g(need)e(to)f(be)g(a)n(v)n
(ailable)j(to)d(ensure)227 1564 y(proper)24 b(beha)n(vior)-5
b(.)31 b(Filter)23 b(handling)h(is)f(already)h(de\002ned)f(in)f(CASP)e
([1)q(].)28 b(De\002ning)23 b(them)f(at)g(the)h(CASP)d(M-Layer)227
1677 y(is)i(necessary)i(since)f(this)f(object)h(is)f(used)g(by)g(more)g
(than)g(one)g(client)h(layer)g(protocol.)30 b(The)21
b(Filter)h(used)h(in)e(CASP-)227 1790 y(QoS)28 b([12)r(])g(messages)j
(might)f(require)h(modi\002cation)g(by)e(a)g(N)m(A)-10
b(T)27 b(along)k(the)e(path.)47 b(Mid-path)31 b(modi\002cation)g(of)227
1903 y(the)j(pack)o(et)g(\002lter)f(allo)n(ws)g(the)h(end)f(host)h(to)f
(be)g(topology)i(una)o(w)o(are.)58 b(If)33 b(topology)j(information)f
(needs)f(to)f(be)227 2016 y(incorporated)d(into)d(the)f(signaling)j
(message)e(processing)j(then)c(it)g(should)i(be)e(done)h(at)f(the)h
(locations)h(where)f(the)227 2129 y(corresponding)38
b(information)e(is)d(easily)i(a)n(v)n(ailable)g(\(for)f(e)o(xample)g
(at)g(the)f(indi)n(vidual)j(CASP-N)m(A)-10 b(TFW)29 b(a)o(w)o(are)227
2242 y(nodes)c(along)g(the)f(path\).)0 2534 y Fk(13)119
b(Open)31 b(Issues)136 2741 y Fc(\017)46 b Fm(The)23
b(format)h(of)g(the)g(objects)h(need)f(more)g(w)o(ork.)136
2929 y Fc(\017)46 b Fm(The)30 b(structure)i(of)e(the)g(authorization)k
(tok)o(en)d(needs)g(more)f(in)l(v)o(estigation.)51 b(There)31
b(is)e(also)i(a)e(question)k(about)e(a)227 3042 y(custom)25
b(tok)o(en)f(format)h(or)e(a)g(CMS)f(object.)30 b(Both)23
b(ha)n(v)o(e)i(adv)n(antages)h(and)e(disadv)n(antages.)136
3229 y Fc(\017)46 b Fm(T)-6 b(erminology)25 b(needs)f(to)e(be)h
(aligned)i(with)d(the)h(Midcom)g(Requirements)i(and)e(Frame)n(w)o(ork)g
(drafts.)30 b(Issues)24 b(\(such)227 3342 y(as)j(groups)h(of)f(polic)o
(y)h(rules\))g(discussed)h(in)e(these)g(documents)i(ha)n(v)o(e)f(to)e
(be)h(mapped)h(against)g(the)f(issues)h(in)f(this)227
3455 y(draft.)136 3643 y Fc(\017)46 b Fm(P)o(ack)o(et)24
b(\002lter)f(attrib)n(utes)j(need)e(some)f(w)o(ork)h(to)f(a)n(v)n(oid)i
(the)e(comple)o(x)h(v)o(eri\002cation)h(in)f(case)f(of)h(o)o(v)o
(erlapping)i(rules.)227 3756 y(It)f(must)h(not)g(be)f(possible)j(to)d
(pre)n(v)o(ent)i(an)e(administrator)n(-created)31 b(den)o(y)26
b(polic)o(y)h(rule)f(to)f(become)i(inef)n(fecti)n(v)o(e)g(by)227
3869 y(an)i(added)h(allo)n(w)f(polic)o(y)h(rule)g(with)e(an)h(o)o(v)o
(erlapping)j(port)d(range.)46 b(Hence)30 b(it)e(might)h(be)g(necessary)
j(to)d(ha)n(v)o(e)g(an)227 3982 y(additional)e(v)o(eri\002cation)e
(step)f(to)g(pre)n(v)o(ent)g(these)h(type)f(of)g(problems.)136
4169 y Fc(\017)46 b Fm(The)33 b(N)m(A)-10 b(T)i(-Object)32
b(might)i(not)g(necessarily)i(be)d(required,)38 b(the)33
b(approach)j(tak)o(en)e(in)g([6])f(could)i(be)e(used.)59
b(The)227 4282 y(polic)o(y)27 b(rule)f(creator)g(uses)g(a)f(\002lter)g
(with)h(an)f(internal)i(address/port)i(pair)l(,)d(an)g(optional)h
(inside)g(address/port)i(pair)227 4395 y(\(called)24
b(in)d(this)i(document)g(a)f(local)h(destination)i(address/port)g(pair)
d(used)h(for)f(twice)g(N)m(A)-10 b(T\))20 b(with)i(no)f(parameters,)227
4508 y(as)27 b(well)g(as)g(the)h(e)o(xternal)h(address/port)h(pair)e
(\(remote)g(entity)h(that)f(will)e(recei)n(v)o(e)j(the)e(data)h(\003o)n
(w\).)38 b(In)27 b(case)h(there)227 4621 y(is)e(a)f(N)m(A)-10
b(T)23 b(on)j(the)g(path,)g(the)g(N)m(A)-10 b(T)24 b(will)h(pro)o(vide)
i(an)e(outside)j(address/pair)h(\(translated)f(address/port\))i(if)25
b(it)h(w)o(as)227 4734 y(\002re)n(w)o(all)e(the)f(outside)j
(address/pair)h(w)o(ould)d(be)f(the)h(e)o(xternal)h(address/pair)-5
b(.)0 5026 y Fk(14)119 b(Ackno)o(wledgements)0 5233 y
Fm(W)-7 b(e)25 b(w)o(ould)h(lik)o(e)h(to)e(thank)i(\(in)f(alphabetical)
j(order\))e(Stef)n(fen)g(Fries,)f(Xiaoming,)g(Fu,)g(Joer)n(g)h
(Ottensmayer)g(and)g(Martin)0 5346 y(Reinhardt)e(for)f(their)g
(comments)h(to)e(this)h(draft.)0 5656 y Fl(H.)18 b(Tschofenig,)i(H.)e
(Schulzrinne,)h(C.)g(Aoun)727 b Fm(Expires)25 b(September)f(2003)728
b([P)o(age)24 b(35])p eop
%%Page: 36 36
36 35 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)0
399 y Fk(A)120 b(Object)30 b(F)m(ormat)f(Details)0 606
y Fm(F)o(or)23 b(concreteness,)k(we)22 b(describe)k(a)d(stra)o(wman)h
(pack)o(et)h(format)f(belo)n(w)-6 b(.)141 718 y(All)22
b(CASP)f(messages)j(are)f(composed)i(of)e(one)g(or)g(more)g(TL)-9
b(V)21 b(\(type-length-v)n(alue\))28 b(objects.)i(W)l(ithin)24
b(each)g(object,)0 831 y(elements)k(are)f(aligned)h(on)f(multiples)h
(of)e(their)h(size,)h(to)e(speed)i(processing.)41 b(All)26
b(objects)i(ha)n(v)o(e)f(lengths)h(of)f(a)f(multiple)0
944 y(of)d(32)h(bits.)29 b(The)23 b(length)i(\002eld)f(in)f(the)h
(object)h(indicates)h(the)e(number)g(of)g(32-bit)h(w)o(ords.)141
1057 y(W)-7 b(e)32 b(describe)i(messages)g(and)f(objects)h(as)e
(pseudo-C)i(structures.)57 b(Elements)33 b(are)g(enumerated)h(in)e
(transmission)0 1170 y(order)-5 b(.)36 b(W)-7 b(e)24
b(use)i(the)g(data)g(types)h(uint8,)f(uint16,)i(uint32,)f(uint64,)g
(uint128)h(to)d(identify)j(unsigned)g(inte)o(gers)f(with)e(8,)g(16,)0
1283 y(32,)e(64)h(or)f(128)i(bits,)e(respecti)n(v)o(ely)-6
b(.)141 1396 y(De\002nitions)25 b(for)f(IPv4)f(and)h(IPv6)g(address)h
(for)f(the)f(usage)i(with)f(T)m(raf)n(\002c)e(Selectors)j(are)f
(already)h(pro)o(vided)h(in)d([1)q(].)141 1509 y(IPSec)g(ESP)e(and)j
(AH)e(SPIs)h(is)g(four)h(bytes)h(in)e(length.)0 1746
y Fe(typedef)51 b(struct)h(uint32)g(SPI;)141 1984 y Fm(Using)23
b(a)f(custom)i(authorization)i(tok)o(en)e(format)f(might)g(be)f(more)h
(lightweight.)31 b(\(TBD:)21 b(Authorization)26 b(tok)o(ens)e(can)0
2097 y(either)g(be)e(de\002ned)i(as)e(CMS)f(objects)k(or)d(as)h(a)f
(objects)i(with)f(a)f(custom)h(structure.)31 b(Using)23
b(CMS)e(object)j(w)o(ould)f(simplify)0 2209 y(its)k(de\002nition)h(and)
g(w)o(ould)f(allo)n(w)g(a)f(more)h(generic)i(usage.)39
b(Ho)n(we)n(v)o(er)27 b(CMS)e(objects)j(are)f(lar)n(ger)i(in)d(size)i
(than)f(custom)0 2322 y(b)n(uild)e(tok)o(ens.)30 b(Some)23
b(in)l(v)o(estigation)k(is)c(required)j(to)d(\002nd)h(the)f(optional)j
(usage.\))141 2435 y(The)d(follo)n(wing)i(\002elds)f(could)h(be)e
(included)j(in)d(such)i(a)e(tok)o(en:)0 2673 y Fe(typedef)51
b(struct)h({)164 2786 y(uint32)f(ID;)164 2899 y(Identity)g
(token_creator,)d(token_requesto)o(r,)g(token_user;)164
3011 y(Identity)j(src_addr,)f(dst_addr;)164 3124 y(NTP_TIMESTAMP)e
(timestamp;)164 3237 y(uint8)k(AlgorithmID;)164 3350
y(uint8)g(HMAC[20];)164 3463 y(...Object)e(describing)g(the)j
(authorized)d(PF....)0 3576 y(})k(AuthToken;)141 3813
y Fm(An)27 b(authorization)32 b(tok)o(en)d(is)f(identi\002ed)i(by)e(a)f
(32-bit)j(number)-5 b(.)42 b(The)28 b(src)p 2518 3813
28 4 v 34 w(addr)g(and)h(the)f(dst)p 3142 3813 V 34 w(addr)h(attrib)n
(ute)h(might)0 3926 y(contains)f(an)e(IPv4,)h(IPv6)f(address)i(or)e(a)f
(FQDN.)f(The)h(Identity)j(can)f(either)g(be)f(a)g(generic)h(Unicode)h
(and)e(ASCII)f(ID,)g(a)0 4039 y(FQDN)d(or)i(a)g(URI.)f(Unicode)i
(Identi\002ers)h(\(Unicode)p 1707 4039 V 35 w(ID\),)e(ASCII)e
(Identi\002ers)k(and)f(FQDNs)d(are)j(de\002ned)g(in)f([13)q(].)34
b(The)0 4152 y(Uniform)24 b(Resource)h(Identi\002ers)g(\(URI\))e(is)g
(de\002ned)i(in)e([14)q(].)141 4265 y(Since)e(a)g(N)m(A)-10
b(T)19 b(may)i(change)i(the)e(source)i(address)g(it)e(is)g(possible)i
(to)e(specify)i(a)e(FQDN,)d(URI)i(or)h(an)g(ASCII/Unicode)0
4378 y(ID)26 b(or)g(to)h(omit)g(the)g(\002eld.)38 b(The)26
b(tok)o(en)p 1243 4378 V 35 w(creator)i(speci\002es)g(the)f(identity)i
(of)e(the)g(entity)h(which)f(w)o(as)f(responsible)k(for)d(the)0
4491 y(creation)33 b(of)d(the)h(tok)o(en.)51 b(Information)33
b(about)f(this)f(entity)h(is)f(necessary)i(to)e(route)g(the)g(tok)o(en)
h(to)f(the)f(same)h(entity)h(for)0 4604 y(v)o(eri\002cation.)42
b(Information)30 b(about)e(the)g(entity)h(requesting)h(the)d(tok)o(en)i
(might)f(be)f(required.)42 b(Finally)29 b(the)e(user)h(identity)0
4717 y(obtained)i(from)d(authentication)32 b(might)c(be)g(included.)43
b(Especially)30 b(if)d(authentication)32 b(to)c(a)f(\002re)n(w)o(all)g
(in)h(the)g(middle)g(of)0 4830 y(the)c(CASP-chain)f(is)g(required)j
(then)e(this)g(information)i(pro)o(vides)g(additional)g(authorization)i
(information.)141 4943 y(F)o(or)33 b(cryptographic)38
b(protection)f(of)d(the)g(authorization)k(tok)o(en)e(a)d(k)o(e)o(yed)i
(message)g(digest)h(HMA)l(C)c([15)q(])i(is)f(used)0 5055
y(whereby)25 b(the)f(used)h(algorithm)h(\(MD5,)d(SHA-1\))g(is)g
(indicated)k(in)c(the)i(AlgorithmID)f(\002eld.)30 b(The)23
b(secret)j(k)o(e)o(y)e(necessary)0 5168 y(for)k(the)g(HMA)l(C)e
(computation)k(needs)f(to)f(be)f(locally)j(kno)n(wn)e(only)g(since)h(v)
o(eri\002cation)g(is)f(done)h(at)e(the)h(tok)o(en)h(creator)-5
b(.)0 5281 y(The)34 b(format)h(of)g(the)g(NTP)e(timestamp)i(is)g
(de\002ned)g(in)g([16)q(].)62 b(Finally)35 b(the)g(object)h(contains)h
(information)g(about)f(the)0 5394 y(authorized)26 b(pack)o(et)g
(\002lter)-5 b(.)28 b(Since)c(a)f(N)m(A)-10 b(T)21 b(might)j(change)h
(some)f(of)f(this)i(information)h(its)d(usefulness)k(is)c
(questionable.)0 5656 y Fl(H.)18 b(Tschofenig,)i(H.)e(Schulzrinne,)h
(C.)g(Aoun)727 b Fm(Expires)25 b(September)f(2003)728
b([P)o(age)24 b(36])p eop
%%Page: 37 37
37 36 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)0
399 y Fk(B)119 b(A)-6 b(uthors')30 b(Addr)n(esses)0 606
y Fm(Henning)25 b(Schulzrinne)0 718 y(Dept.)k(of)23 b(Computer)h
(Science)0 831 y(Columbia)g(Uni)n(v)o(ersity)0 944 y(1214)h(Amsterdam)e
(A)-7 b(v)o(enue)0 1057 y(Ne)n(w)22 b(Y)-10 b(ork,)23
b(NY)f(10027)0 1170 y(USA)0 1283 y(EMail:)29 b Fi(schulzr)q(inne@cs)o
(.columbia.edu)0 1493 y Fm(Hannes)24 b(Tschofenig)0 1606
y(Siemens)g(A)l(G)0 1719 y(Otto-Hahn-Ring)i(6)0 1832
y(81739)f(Munich)0 1945 y(German)o(y)0 2058 y(EMail:)k
Fi(Hannes)o(.Tschof)m(enig@siemens)o(.com)0 2268 y Fm(Cedric)24
b(Aoun)0 2381 y(Nortel)g(Netw)o(orks)0 2494 y(France)0
2607 y(EMail:)29 b Fi(cedr)q(ic.aoun@nor)t(telnetw)o(or)q(ks)o(.com)0
2887 y Fk(Refer)n(ences)42 3072 y Fg([1])44 b(H.)20 b(Schulzrinne,)f
(H.)h(Tschofenig,)f(X.)h(Fu,)h(and)e(A.)i(McDonald,)e(\223Casp)i(-)f
(cross-application)e(signaling)i(protocol,)-6 b(\224)18
b(internet)184 3172 y(draft,)h(Internet)g(Engineering)f(T)-7
b(ask)20 b(F)o(orce,)f(2003.)28 b(W)-7 b(ork)20 b(in)h(progress.)42
3321 y([2])44 b(P)-9 b(.)23 b(Srisuresh,)f(J.)i(K)o(uthan,)d(J.)j
(Rosenber)o(g,)d(A.)i(Molitor)m(,)f(and)g(A.)h(Rayhan,)f(\223Middlebox)
e(communication)g(architecture)h(and)184 3420 y(frame)n(w)o(ork,)-6
b(\224)18 b(Internet)h(Draft,)g(Internet)g(Engineering)f(T)-7
b(ask)20 b(F)o(orce,)g(Mar)-5 b(.)20 b(2002.)28 b(W)-7
b(ork)20 b(in)g(progress.)42 3569 y([3])44 b(M.)17 b(Shore,)g(\223The)g
(TIST)g(\(topology-insensiti)n(v)o(e)c(service)k(tra)n(v)o(ersal\))g
(protocol,)-6 b(\224)16 b(Internet)g(Draft,)h(Internet)g(Engineering)d
(T)-7 b(ask)184 3669 y(F)o(orce,)19 b(May)h(2002.)28
b(W)-7 b(ork)20 b(in)g(progress.)42 3817 y([4])44 b(M.)22
b(Shore,)g(\223T)-7 b(o)n(w)o(ards)22 b(a)h(netw)o(ork-friendlier)18
b(midcom,)-6 b(\224)22 b(Internet)f(Draft,)h(Internet)g(Engineering)d
(T)-7 b(ask)23 b(F)o(orce,)f(June)g(2002.)184 3917 y(W)-7
b(ork)20 b(in)g(progress.)42 4066 y([5])44 b(H.)25 b(Tschofenig)f(and)g
(D.)i(Kroeselber)o(g,)e(\223Security)g(threats)h(for)g(nsis,)-6
b(\224)27 b(internet)e(draft,)g(Internet)f(Engineering)f(T)-7
b(ask)25 b(F)o(orce,)184 4165 y(2003.)i(W)-7 b(ork)21
b(in)f(progress.)42 4314 y([6])44 b(M.)28 b(Stiemerling,)h(J.)f
(Quittek,)i(and)d(T)-6 b(.)28 b(T)-7 b(aylor)m(,)28 b(\223Midcom)f
(protocol)g(semantics,)-6 b(\224)29 b(Internet)e(Draft,)i(Internet)e
(Engineering)184 4414 y(T)-7 b(ask)20 b(F)o(orce,)g(2002.)27
b(W)-7 b(ork)20 b(in)h(progress.)42 4563 y([7])44 b(P)-9
b(.)17 b(Srisuresh)g(and)f(M.)h(Holdre)o(ge,)f(\223IP)h(netw)o(ork)f
(address)h(translator)f(\(N)m(A)-9 b(T\))16 b(terminology)f(and)h
(considerations,)-6 b(\224)16 b(RFC)i(2663,)184 4662
y(Internet)h(Engineering)e(T)-7 b(ask)21 b(F)o(orce,)e(Aug.)h(1999.)42
4811 y([8])44 b(L.)18 b(Amini)f(and)g(H.)h(Schulzrinne,)f(\223Observ)n
(ations)f(from)g(router)n(-le)n(v)o(el)g(internet)h(traces,)-6
b(\224)18 b(in)g Fa(DIMA)n(CS)f(W)-8 b(orkshop)18 b(on)f(Internet)184
4910 y(and)i(WWW)i(Measur)m(ement,)f(Mapping)e(and)h(Modeling)o(,)g
(\(Piscataway)-5 b(,)20 b(Ne)o(w)h(J)n(er)o(se)n(y\))p
Fg(,)f(Feb)m(.)f(2002.)42 5059 y([9])44 b(J.)33 b(Manner)f
Fa(et)h(al.)p Fg(,)j(\223Localized)c(RSVP,)-6 b(\224)33
b(Internet)f(Draft,)k(Internet)31 b(Engineering)f(T)-7
b(ask)34 b(F)o(orce,)h(May)d(2002.)69 b(W)-7 b(ork)32
b(in)184 5159 y(progress.)0 5308 y([10])44 b(L.)30 b(Hamer)m(,)h(B.)g
(Gage,)h(and)d(H.)h(Shieh,)i(\223Frame)n(w)o(ork)d(for)g(session)h
(set-up)g(with)g(media)f(authorization,)-6 b(\224)30
b(Internet)f(Draft,)184 5407 y(Internet)19 b(Engineering)e(T)-7
b(ask)21 b(F)o(orce,)e(July)h(2002.)28 b(W)-7 b(ork)20
b(in)g(progress.)0 5656 y Fl(H.)e(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)
g(Aoun)727 b Fm(Expires)25 b(September)f(2003)728 b([P)o(age)24
b(37])p eop
%%Page: 38 38
38 37 bop 0 100 a Fm(INTERNET)-8 b(-DRAFT)560 b(draft-tschofenig-nsi)q
(s-c)q(asp)q(-midc)q(om-0)q(1.ps)548 b(March)24 b(3,)f(2003)0
399 y Fg([11])44 b(L.)28 b(Hamer)m(,)h(B.)g(Gage,)h(M.)f(Broda,)g(B.)g
(K)m(osinski,)h(and)e(H.)h(Shieh,)h(\223Session)e(authorization)e(for)i
(RSVP,)-6 b(\224)29 b(Internet)e(Draft,)184 498 y(Internet)19
b(Engineering)e(T)-7 b(ask)21 b(F)o(orce,)e(July)h(2002.)28
b(W)-7 b(ork)20 b(in)g(progress.)0 648 y([12])44 b(H.)30
b(Schulzrinne,)f(H.)h(Tschofenig,)g(X.)g(Fu,)i(and)d(J.)h(Eisl,)j(\223)
-7 b(A)30 b(quality-of-service)c(resource)j(allocation)f(client)i(for)f
(casp,)-6 b(\224)184 747 y(internet)19 b(draft,)g(Internet)g
(Engineering)f(T)-7 b(ask)20 b(F)o(orce,)g(2003.)27 b(W)-7
b(ork)21 b(in)f(progress.)0 897 y([13])44 b(S.)17 b(Y)-8
b(ada)n(v)j(,)17 b(R.)h(Y)-8 b(a)n(v)n(atkar)m(,)16 b(R.)i(P)o(abbati,)
e(P)-9 b(.)18 b(F)o(ord,)f(T)-6 b(.)17 b(Moore,)f(S.)i(Herzog,)e(and)h
(R.)h(Hess,)g(\223Identity)e(representation)f(for)i(RSVP,)-6
b(\224)184 996 y(RFC)21 b(3182,)e(Internet)g(Engineering)f(T)-7
b(ask)20 b(F)o(orce,)f(Oct.)i(2001.)0 1146 y([14])44
b(T)-6 b(.)22 b(Berners-Lee,)g(R.)i(Fielding,)e(and)g(L.)h(Masinter)m
(,)g(\223Uniform)e(resource)g(identi\002ers)h(\(URI\):)h(generic)f
(syntax,)-6 b(\224)22 b(RFC)i(2396,)184 1245 y(Internet)19
b(Engineering)e(T)-7 b(ask)21 b(F)o(orce,)e(Aug.)h(1998.)0
1395 y([15])44 b(H.)32 b(Kra)o(wczyk,)h(M.)e(Bellare,)k(and)c(R.)i
(Canetti,)i(\223HMA)m(C:)d(k)o(e)o(yed-hashing)c(for)j(message)h
(authentication,)-6 b(\224)32 b(RFC)h(2104,)184 1494
y(Internet)19 b(Engineering)e(T)-7 b(ask)21 b(F)o(orce,)e(Feb)m(.)h
(1997.)0 1644 y([16])44 b(D.)19 b(L.)g(Mills,)h(\223Netw)o(ork)e(time)i
(protocol)d(\(v)o(ersion)g(3\))i(speci\002cation,)f(implementation,)-6
b(\224)17 b(RFC)k(1305,)c(Internet)h(Engineering)184
1743 y(T)-7 b(ask)20 b(F)o(orce,)g(Mar)-5 b(.)20 b(1992.)0
5656 y Fl(H.)e(Tschofenig,)i(H.)e(Schulzrinne,)h(C.)g(Aoun)727
b Fm(Expires)25 b(September)f(2003)728 b([P)o(age)24
b(38])p eop
%%Trailer
end
userdict /end-hook known{end-hook}if
%%EOF

PAFTECH AB 2003-20262026-04-22 14:08:32