nsis-11----Page:11

PDR Nonce
Protection against injection of fake RESPONSE messages in the RMD domain
Intra-domain RESPONSE’ is included into e2e RESPONSE as additional object
RII cannot be used because RESPONSE carries e2e RII
Solution:
QNF ingress includes “PDR Nonce” into intra-domain RESERVE’
QNF egress includes the same “PDR Nonce” into intra-domain RESPONSE’
Is this a good solution?
Reinvent the same mechanism (functionally identical to RII)?
Shall we define a new object in QoS-NSLP for edge-to-edge security?

        QNF             QNF             QNF            QNF
      ingress        interior        interior        egress
   NTLP stateful  NTLP stateless  NTLP stateless  NTLP stateful
         |               |               |              |
RESERVE  |               |               |              |
-------->|    RESERVE    |               |              |
         +--------------------------------------------->|
         |   RESERVE'    |               |              |
         +-------------->|               |              |
         |               |   RESERVE'    |              |
         |               +-------------->|              |
         |               |               |   RESERVE'   |
         |               |               +------------->|
         |               |               |              | RESERVE
         |               |               |              +-------->
         |               |               |              | RESPONSE
         |               |               |              |<--------
         |               |     RESPONSE (RESPONSE')     |
         |<---------------------------------------------+
RESPONSE |               |               |              |
<--------|               |               |              |
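
The nonce check proposed above, modelled in Python as an added example that is not taken from the slide or from the NSIS drafts. The dict message layout, the 16-byte nonce size, the session ids and all class and function names are assumptions made for illustration.

```python
import hmac
import secrets

NONCE_BYTES = 16  # assumed size; the slide does not specify one


class QnfIngress:
    """Edge node that originates intra-domain RESERVE' (hypothetical model)."""

    def __init__(self):
        self.pending = {}  # session id -> PDR nonce awaiting RESPONSE'

    def send_reserve_prime(self, session_id):
        nonce = secrets.token_bytes(NONCE_BYTES)  # unpredictable per request
        self.pending[session_id] = nonce
        return {"type": "RESERVE'", "session": session_id, "pdr_nonce": nonce}

    def accept_response(self, e2e_response):
        """Accept the embedded RESPONSE' only if it echoes the pending nonce."""
        inner = e2e_response.get("intra_domain_response")
        if inner is None:
            return False
        expected = self.pending.get(inner.get("session"))
        got = inner.get("pdr_nonce")
        if expected is None or not isinstance(got, bytes):
            return False  # unsolicited, or no nonce carried
        if not hmac.compare_digest(expected, got):
            return False  # mismatch; pending nonce is kept for the real reply
        del self.pending[inner["session"]]  # single use: a replay fails
        return True


def egress_respond(reserve_prime, e2e_rii):
    """QNF egress: copy the PDR nonce into RESPONSE', carried in e2e RESPONSE."""
    inner = {"type": "RESPONSE'", "session": reserve_prime["session"],
             "pdr_nonce": reserve_prime["pdr_nonce"]}
    return {"type": "RESPONSE", "rii": e2e_rii, "intra_domain_response": inner}


def demo():
    ingress = QnfIngress()
    reserve = ingress.send_reserve_prime("sess-1")  # constructed session id
    forged = {"type": "RESPONSE", "rii": 7, "intra_domain_response": {
        "type": "RESPONSE'", "session": "sess-1", "pdr_nonce": bytes(NONCE_BYTES)}}
    genuine = egress_respond(reserve, e2e_rii=7)
    return (ingress.accept_response(forged),    # nonce mismatch
            ingress.accept_response(genuine),   # nonce echoed by egress
            ingress.accept_response(genuine))   # replay of a consumed nonce
```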
