trying to start to deal with russ's review

Randy Bush 2021-02-12 10:16:38 -08:00
parent c929261824
commit 06ae3da805

@ -11,7 +11,7 @@
<?rfc tocindent="yes"?> <?rfc tocindent="yes"?>
<?rfc tocompact="yes"?> <?rfc tocompact="yes"?>
<rfc category="std" docName="draft-ietf-lsvr-l3dl-signing-01" ipr="trust200902"> <rfc category="std" docName="draft-ietf-lsvr-l3dl-signing-02" ipr="trust200902">
<front> <front>
@ -99,12 +99,12 @@
<t>The Key in the OPEN PDU SHOULD be the public key of an asymmetric <t>The Key in the OPEN PDU SHOULD be the public key of an asymmetric
key pair. The sender signs with the private key, of course. The key pair. The sender signs with the private key, of course. The
device sending the OPEN may use one key for all links, a different device sending the OPEN may use one key for all links, a different
key for each link, or some mix(s) thereof.</t> key for each link, or some mix(es) thereof.</t>
<t>In the TOFU method the key sent in the OPEN PDU is generated on <t>In the TOFU method the key sent in the OPEN PDU is generated on
the sending device, is believed without question by the receiver, the sending device, is believed without question by the receiver,
and used to verify all subsequent PDUs from the same sender with the and used to verify all subsequent PDUs from the same sender with the
same Key Algorithm.</t> same Key Type and Algorithm.</t>
<t>With the PKI-mechanism, an enrollment step is performed. The <t>With the PKI-mechanism, an enrollment step is performed. The
public key is put into a certificate <xref target="RFC5280"/>, which public key is put into a certificate <xref target="RFC5280"/>, which
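Review bot: In the TOFU paragraph, "same Key Type and Algorithm" is ambiguous: it is not clear whether this names two separate fields or extends the earlier "Key Algorithm" wording. Use the field names exactly as the OPEN PDU definition gives them. The sentence also leaves open what a receiver does with a later PDU from the same sender whose Key Type or algorithm differs from the one bound at OPEN time. Because TOFU accepts the first key "without question", that binding is the only check the receiver has, so state the handling explicitly (for example, that such a PDU fails verification). Minor style point: "some mix(es) thereof" can simply be "some mix thereof".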
@ -112,6 +112,9 @@
this way, the relying party can be confident that the public key is this way, the relying party can be confident that the public key is
under control of the identified L3DL protocol entity.</t> under control of the identified L3DL protocol entity.</t>
<t>As part of enrollment or before hand, all relying parties must
have received the trust anchor in an authentic manner.</t>
<t>To the receiver verifying signatures on PDUs, the two methods are <t>To the receiver verifying signatures on PDUs, the two methods are
indistinguishable; the key provided in the OPEN PDU is used to indistinguishable; the key provided in the OPEN PDU is used to
verify the signatures of subsequent PDUs. The difference that verify the signatures of subsequent PDUs. The difference that
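Review bot: The added trust anchor paragraph uses a lowercase "must", while the draft uses BCP 14 keywords elsewhere ("SHOULD" in the OPEN PDU key text). Decide whether receiving the trust anchor is a normative requirement and capitalize accordingly. "before hand" should be "beforehand". "in an authentic manner" does not tell an implementer or operator what is acceptable. Name the expectation, for instance that the trust anchor is provisioned over a channel whose integrity does not depend on L3DL itself. The requirement applies only to the PKI method, so say that in the sentence, since the following paragraph goes on to discuss both methods.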