moved from L3DL

This commit is contained in:
Randy Bush 2019-04-23 11:01:42 -07:00
parent bc74ab76a8
commit 2415628c7d


@ -36,7 +36,7 @@
<organization abbrev="Vigil Security">Vigil Security, LLC</organization> <organization abbrev="Vigil Security">Vigil Security, LLC</organization>
<address> <address>
<postal> <postal>
<street>918 Spring Knoll Drive</street> <street>516 Dranesville Road</street>
<city>Herndon</city> <city>Herndon</city>
<region>VA</region> <region>VA</region>
<code>20170</code> <code>20170</code>
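Review bot: this hunk changes the author's street address from "918 Spring Knoll Drive" to "516 Dranesville Road", which has nothing to do with the commit message "moved from L3DL"; either note the address correction in the commit message or carry it in a separate commit so the editorial change is not hidden among the protocol edits.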
@ -137,7 +137,7 @@
is needed.</t> is needed.</t>
<!-- <!--
protocol "Type = 8:8,Payload Length:16,New Key Type:8,New Key Length:16,New Key ...:40,Old Sig Type:8,Old Signature Length:16,Old Signature ...:40" protocol "Type = 9:8,Payload Length:16,New Key Type:8,New Key Length:16,New Key ...:40,Old Sig Type:8,Old Signature Length:16,Old Signature ...:40"
--> -->
<figure> <figure>
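Review bot: changing "Type = 8" to "Type = 9" in the protocol comment string renumbers the NEWKEY PDU on the wire, and neither the commit message nor the surrounding text says why code 8 is being vacated; a short note in the document (or at least in the commit message) explaining the renumbering would spare implementers who tracked earlier revisions from a silent incompatibility.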
@ -145,7 +145,7 @@
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 8 | Payload Length | New Key Type | | Type = 9 | Payload Length | New Key Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| New Key Length | ~ | New Key Length | ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
@ -187,7 +187,8 @@
OPEN PDU, as it can not be verified against any authority. Hence it OPEN PDU, as it can not be verified against any authority. Hence it
is jokingly referred to as Married On First Date. The assurance it is jokingly referred to as Married On First Date. The assurance it
does provide is that subsequent signed PDUs are from the same peer. does provide is that subsequent signed PDUs are from the same peer.
And data integrity is a positive side effect of the signature.</t> And data integrity is a positive side effect of the signature
covering the payload.</t>
<t>The PKI-based method offers assurance that the certificate, and <t>The PKI-based method offers assurance that the certificate, and
hence the keying material, provided in the OPEN PDU are authorized hence the keying material, provided in the OPEN PDU are authorized
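Review bot: the added phrase "covering the payload" is a useful precision, since the integrity claim only holds for the bytes the signature actually covers; while editing this paragraph, also change "can not be verified" on its first line to "cannot be verified", which is the form used in RFC prose.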
@ -196,7 +197,7 @@
the same as in the TOFU method.</t> the same as in the TOFU method.</t>
<t>With the PKI-based method, automated device provisioning could <t>With the PKI-based method, automated device provisioning could
restrict which subsidiary certificates were allowed from which peers restrict which subsidiary certificates are allowed from which peers
on a per interface basis. This would complicate key rolls. Where on a per interface basis. This would complicate key rolls. Where
one draws the line between rigidity, flexibility, and security one draws the line between rigidity, flexibility, and security
varies.</t> varies.</t>
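Review bot: the tense fix "were allowed" to "are allowed" is correct, but the following sentence "This would complicate key rolls" still gives no reason; one clause on why a per-interface restriction of subsidiary certificates makes a key roll harder would let the reader weigh the rigidity/flexibility/security trade-off the next sentence raises.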
@ -215,7 +216,7 @@
PDU PDU
Code PDU Name Code PDU Name
---- ------------------- ---- -------------------
8 NEWKEY 9 NEWKEY
</artwork> </artwork>
</figure> </figure>
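Review bot: the NEWKEY code now appears as 9 in three places touched by this commit (the protocol comment string, the packet figure, and this PDU code table), and all three agree, which is what a reviewer needs to check for a renumbering; consider stating in the text that this table is the authoritative registry of codes so future edits to the figure or comment are checked against it.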