full pass fixing lsor refs and some adjustments to new l3dl changes
This commit is contained in:
parent
141d1ba4ea
commit
785738788f
1 changed files with 10 additions and 10 deletions
|
|
@ -58,12 +58,12 @@
|
|||
|
||||
<abstract>
|
||||
|
||||
<t>The Layer 3 Discovery and Liveness protocol OPEN PDU contains a
|
||||
key and a certificate, which can be used to verify signatures on
|
||||
<t>The Layer 3 Discovery and Liveness protocol OPEN PDU may contain
|
||||
a key and a certificate, which can be used to verify signatures on
|
||||
subsequent PDUs. This document describes two mechanisms based on
|
||||
digital signatures, one that is Trust On First Use (TOFU), and one
|
||||
that uses certificates to provide authentication as well as
|
||||
session integrity.</t>
|
||||
that uses certificates to provide authentication as well as session
|
||||
integrity.</t>
|
||||
|
||||
</abstract>
|
||||
|
||||
|
|
@ -84,7 +84,7 @@
|
|||
<section anchor="intro" title="Introduction">
|
||||
|
||||
<t>The Layer 3 Discovery and Liveness protocol [old ref because
|
||||
new draft not yet pushed] <xref target="I-D.ietf-lsvr-lsoe"/> OPEN
|
||||
new draft not yet pushed] <xref target="I-D.ietf-lsvr-l3dl"/> OPEN
|
||||
PDU contains an algorithm specifier, a key, and a certificate,
|
||||
which can be used to verify signatures on subsequent PDUs. This
|
||||
document describes two methods of key generation and signing for
|
||||
|
|
@ -387,9 +387,9 @@
|
|||
<t>Modern key management allows for agility in 'rolling' to a new
|
||||
key or even algorithm in case of key expiry, key compromise, or
|
||||
merely prudence. Declaring a new key with an L3DL OPEN PDU would
|
||||
cause serious churn in topology as a new OPEN causes a withdraw of
|
||||
previously announced encapsulations. Therefore, a gentler rekeying
|
||||
is needed.</t>
|
||||
cause serious churn in topology as a new OPEN may cause a withdraw
|
||||
of previously announced encapsulations. Therefore, a gentler
|
||||
rekeying is needed.</t>
|
||||
|
||||
<!--
|
||||
protocol "Type = 8:8,Payload Length:16,New Key Type:8,New Key Length:16,New Key ...:32,New Cert Length:16,New Certificate ...:32,Old Sig Type:8,Old Signature Length:16,Old Signature ...:40"
|
||||
|
|
@ -458,7 +458,7 @@
|
|||
|
||||
<t>The PKI-based method offers assurance that the certificate, and
|
||||
hence the keying material, provided in the OPEN PDU are authorized
|
||||
by a central authority, e.g. the Clos's network security team. The
|
||||
by a central authority, e.g. the network's network security team. The
|
||||
onward assurance of talking to the same peer and data integrity are
|
||||
the same as in the TOFU method.</t>
|
||||
|
||||
|
|
@ -512,7 +512,7 @@
|
|||
<references title="Normative References">
|
||||
<?rfc include="reference.RFC.2119"?>
|
||||
<?rfc include="reference.RFC.8174"?>
|
||||
<?rfc include="reference.I-D.ietf-lsvr-lsoe"?>
|
||||
<?rfc include="reference.I-D.ietf-lsvr-l3dl"?>
|
||||
</references>
|
||||
<!--
|
||||
<references title="Informative References">
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue