moved from L3DL

2019-04-23 11:01:42 -07:00 · 2019-04-23 11:01:42 -07:00 · 2415628c7d
commit 2415628c7d
parent bc74ab76a8
1 changed files with 7 additions and 6 deletions
--- a/draft-ymbk-lsvr-l3dl-signing.xml
+++ b/draft-ymbk-lsvr-l3dl-signing.xml
@ -36,7 +36,7 @@
      <organization abbrev="Vigil Security">Vigil Security, LLC</organization>
      <address>
        <postal>
-          <street>918 Spring Knoll Drive</street>
+          <street>516 Dranesville Road</street>
          <city>Herndon</city>
          <region>VA</region>
          <code>20170</code>
@ -137,7 +137,7 @@
    is needed.</t>

 <!--
-    protocol "Type = 8:8,Payload Length:16,New Key Type:8,New Key Length:16,New Key ...:40,Old Sig Type:8,Old Signature Length:16,Old Signature ...:40"
+    protocol "Type = 9:8,Payload Length:16,New Key Type:8,New Key Length:16,New Key ...:40,Old Sig Type:8,Old Signature Length:16,Old Signature ...:40"
 -->

      <figure>
@ -145,7 +145,7 @@
 0                   1                   2                   3  
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-|    Type = 8   |         Payload Length        |  New Key Type |
+|    Type = 9   |         Payload Length        |  New Key Type |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |         New Key Length        |                               ~
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+               +-+-+-+-+-+-+-+-+
@ -187,7 +187,8 @@
    OPEN PDU, as it can not be verified against any authority.  Hence it
    is jokingly referred to as Married On First Date.  The assurance it
    does provide is that subsequent signed PDUs are from the same peer.
-    And data integrity is a positive side effect of the signature.</t>
+    And data integrity is a positive side effect of the signature
+    covering the payload.</t>

    <t>The PKI-based method offers assurance that the certificate, and
    hence the keying material, provided in the OPEN PDU are authorized
@ -196,7 +197,7 @@
    the same as in the TOFU method.</t>

    <t>With the PKI-based method, automated device provisioning could
-    restrict which subsidiary certificates were allowed from which peers
+    restrict which subsidiary certificates are allowed from which peers
    on a per interface basis.  This would complicate key rolls.  Where
    one draws the line between rigidity, flexibility, and security
    varies.</t>
@ -215,7 +216,7 @@
        PDU
        Code      PDU Name
        ----      -------------------
-          8       NEWKEY
+          9       NEWKEY
           </artwork>
         </figure>