diff --git a/draft-ymbk-lsvr-l3dl-signing.xml b/draft-ymbk-lsvr-l3dl-signing.xml index 51c9085..95afa5b 100644 --- a/draft-ymbk-lsvr-l3dl-signing.xml +++ b/draft-ymbk-lsvr-l3dl-signing.xml @@ -15,7 +15,7 @@ - Layer 3 Discovery and Liveness TOFU Security + Layer 3 Discovery and Liveness Signing Arrcus & IIJ @@ -59,8 +59,8 @@ The Layer 3 Discovery and Liveness protocol provides for the OPEN PDU to contain a key which can be used to verify signatures on subsequent PDUs. This document describes two methods of key - generation and signing for use by L3DL when 'trust on first use' - authentication and integrity are sufficient. + generation and signing for use by L3DL, Trust On First Use, AKA + TOFU, and PKI-based. 
@@ -82,25 +82,35 @@ The Layer 3 Discovery and Liveness protocol [old ref because new draft not yet pushed] provides - for the OPEN PDU to contain a key which can be used to verify - signatures on subsequent PDUs. This document describes two methods - of key generation and signing for use by L3DL when 'trust on first - use,' TOFU, authentication and integrity are sufficient. + for the OPEN PDU to contain an algorithm specifier and a key which + can be used to verify signatures on subsequent PDUs. This document + describes two methods of key generation and signing for use by L3DL, + Trust On First Use, AKA TOFU, and a PKI-based mechanism. To the receiver, the two methods are indistinguishable, the key provided in the OPEN PDU is used to verify the signatures on the subsequent PDUs. The difference is how that key is generated. - The simple method is that the OPEN key is a 64-bit random. The - device sending the OPEN may use one key for all links, a different - key for each link, or some aggregation(s) thereof. + In the TOFU method the OPEN key is believed without question and + is used to verify all subsequent PDUs with the same Key Type. - If one is concerned about a Monkey In The Middle, then the OPEN - key can be the public half of an asymmetric key pair. The sender - signs with the private key, of course. To reduce key generation - load on the sending device, the key pair could be generated once per - device. + In the PKI method the OPEN key MUST be verified against the trust + anchor for the operational domain. It is then used to verify all + subsequent PDUs with the same Key Type. + The Key in the OPEN PDU SHOULD be the public half of an + asymmetric key pair. The sender signs with the private key, of + course. The device sending the OPEN may use one key for all links, + a different key for each link, or some aggregation(s) thereof. + + + +
+ +
+ +
+
@@ -112,7 +122,7 @@ encapsulations. Therefore, a gentler rekeying is needed.
@@ -120,7 +130,7 @@ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -| Type = 8 | Payload Length | New Auth Type | +| Type = 8 | Payload Length | New Key Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | New Key Length | ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+ @@ -133,7 +143,7 @@
- The New Auth Type, New Key Length, and New Key fields declare the + The New Key Type, New Key Length, and New Key fields declare the replacement algorithm suite and key. The NEWKEY PDU is signed using the current (soon to be old) @@ -170,12 +180,12 @@
PDU - Code PDU Name - ---- ------------------- - 8 NEWKEY + Code PDU Name + ---- ------------------- + 8 NEWKEY
- + This document requests the IANA add a registry entry for "TOFU - Trust On Frst Use" to the L3DL-Signature-Type registry as follows:
@@ -183,6 +193,7 @@ Number Name ------ ------------------- 1 TOFU - Trust On First Use + 2 PKI
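Review bot: The rewritten abstract sentence in the @@ -59 hunk, "two methods of key generation and signing for use by L3DL, Trust On First Use, AKA TOFU, and PKI-based.", reads as a list of three items and ends on a dangling adjective; suggest "two methods of key generation and signing for use by L3DL: Trust On First Use (TOFU) and a PKI-based mechanism." "AKA" is also out of register for a standards draft. The abstract still says the OPEN PDU contains "a key", while the Introduction hunk now says "an algorithm specifier and a key"; align the two so the abstract does not understate what the OPEN carries.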
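Review bot: In the @@ -82 hunk the unchanged sentence "To the receiver, the two methods are indistinguishable" no longer holds: the receiver must behave differently for the two methods (believe the key for TOFU, verify it against the trust anchor for PKI), and the IANA hunk gives them distinct Key Type values, so the receiver distinguishes them by Key Type; reword to say the verification of subsequent PDUs is the same but the acceptance of the OPEN key differs. The TOFU paragraph says the key "is believed without question" but never says the first-seen key is retained, so it does not state what "first use" buys; add that the key is remembered per peer and that a later OPEN carrying a different key is a key change that needs operator attention rather than silent acceptance. The PKI paragraph says the key "MUST be verified against the trust anchor" but not what the receiver does when verification fails (discard the OPEN and log?) nor how the chain from the OPEN key to the trust anchor is conveyed, since the OPEN described here carries only a key. "The Key in the OPEN PDU SHOULD be the public half of an asymmetric key pair" has to be MUST for the PKI method, as a trust anchor can only vouch for a public key; if a non-asymmetric key is still permitted under TOFU, say so explicitly and note that it is sent in the clear. Minor: the "[old ref because new draft not yet pushed]" placeholder remains in the context line, and the hunk ends with several added lines that are blank in the diff as shown; drop them if they are stray whitespace or fill them if they are section stubs.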
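Review bot: In the @@ -133 hunk, the NEWKEY text says the PDU is signed with the current key but does not say that, under the PKI method, the New Key carried in it must itself be verified against the operational domain's trust anchor as the Introduction requires for the OPEN key; as written, a replacement key is accepted on the strength of the old key alone, which reduces the PKI method to TOFU after the OPEN. Suggest adding: "When the New Key Type is PKI, the New Key MUST be verified against the trust anchor for the operational domain before it is accepted." The renamed field also allows a NEWKEY to change the Key Type; state whether a switch between TOFU and PKI is permitted and, if so, which rules apply to the new key.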
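Review bot: The @@ -183 hunk adds "2 PKI" to the registry table, but the introductory sentence visible as context in the preceding hunk still asks IANA for "a registry entry for "TOFU - Trust On Frst Use"" only; update it to request both entries and fix "Frst". The registry is named L3DL-Signature-Type while the PDU field (renamed from "New Auth Type" to "New Key Type" in the @@ -120 hunk) and the prose call the value "Key Type"; pick one name and use it in the figure, the text and the IANA section. Entry 1 carries a long name ("TOFU - Trust On First Use"); give entry 2 one in the same form, for example "PKI - Trust Anchor Verified", so the two rows are consistent.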