randy/draft-l3dl-signing
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

one pass over russ's review

Browse source
This commit is contained in:
Randy Bush 2019-04-19 14:46:54 -07:00
parent de18781808
commit 83c25ec6db
1 changed files with 28 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

31
draft-ymbk-lsvr-l3dl-signing.xml
View file

@ -62,8 +62,8 @@
PDU to contain a key which can be used to verify signatures on PDU to contain a key which can be used to verify signatures on
subsequent PDUs. This document describes two mechanisms based on subsequent PDUs. This document describes two mechanisms based on
digital signatures, one that is Trust On First Use (TOFU), and one digital signatures, one that is Trust On First Use (TOFU), and one
that uses X.509 certificates to provide authentication as well as that uses certificates to provide authentication as well as session
session integrity.</t> integrity.</t>
</abstract> </abstract>
@ -88,7 +88,8 @@
for the OPEN PDU to contain an algorithm specifier and a key which for the OPEN PDU to contain an algorithm specifier and a key which
can be used to verify signatures on subsequent PDUs. This document can be used to verify signatures on subsequent PDUs. This document
describes two methods of key generation and signing for use by L3DL, describes two methods of key generation and signing for use by L3DL,
Trust On First Use, AKA TOFU, and a PKI-based mechanism.</t> Trust On First Use (TOFU) and a PKI-based mechanism to provide
authentication as well as session integrity.</t>
<t>To the receiver, the two methods are indistinguishable, the key <t>To the receiver, the two methods are indistinguishable, the key
provided in the OPEN PDU is used to verify the signatures on the provided in the OPEN PDU is used to verify the signatures on the
@ -178,6 +179,24 @@
</section> </section>
<section anchor="security" title="Security Considerations"> <section anchor="security" title="Security Considerations">
<t>The TOFU method requires a leap of faith to accept the key in the
OPEN PDU, as it can not be verified against any authority. Hence it
is jokingly referred to as Married On First Date. The assurance it
does provide is that subsequent signed PDUs are from the same peer.
And data integrity is a positive side effect of the signature.</t>
<t>The PKI-based method offers assurance that the certificate, and
hence the keying material, provided in the OPEN PDU are authorized
by a central authority, e.g. the Clos's network security team. The
onward assurance of talking to the same peer and data integrity are
the same as in the TOFU method.</t>
<t>With the PKI-based method, automated device provisioning could
restrict which subsidiary certificates were allowed from which peers
on a per interface basis. This would complicate key rolls. Where
one draws the line between rigidity, flexibility, and security
varies.</t>
<t>The REKEY PDU is open to abuse to create an algorithm suite <t>The REKEY PDU is open to abuse to create an algorithm suite
downgrade attack.</t> downgrade attack.</t>
@ -210,6 +229,12 @@
</section> </section>
<section anchor="acks" title="Acknowledgments">
<t>The authors than Russ Housley for advice and review.</t>
</section>
</middle> </middle>
<back> <back>