one pass over russ's review

2019-04-19 14:46:54 -07:00 · 2019-04-19 14:46:54 -07:00 · 83c25ec6db
commit 83c25ec6db
parent de18781808
1 changed files with 28 additions and 3 deletions
--- a/draft-ymbk-lsvr-l3dl-signing.xml
+++ b/draft-ymbk-lsvr-l3dl-signing.xml
@ -62,8 +62,8 @@
    PDU to contain a key which can be used to verify signatures on
    subsequent PDUs.  This document describes two mechanisms based on
    digital signatures, one that is Trust On First Use (TOFU), and one
-    that uses X.509 certificates to provide authentication as well as
-    session integrity.</t>
+    that uses certificates to provide authentication as well as session
+    integrity.</t>

  </abstract>

@ -88,7 +88,8 @@
    for the OPEN PDU to contain an algorithm specifier and a key which
    can be used to verify signatures on subsequent PDUs.  This document
    describes two methods of key generation and signing for use by L3DL,
-    Trust On First Use, AKA TOFU, and a PKI-based mechanism.</t>
+    Trust On First Use (TOFU) and a PKI-based mechanism to provide
+    authentication as well as session integrity.</t>

    <t>To the receiver, the two methods are indistinguishable, the key
    provided in the OPEN PDU is used to verify the signatures on the
@ -179,6 +180,24 @@

  <section anchor="security" title="Security Considerations">

+    <t>The TOFU method requires a leap of faith to accept the key in the
+    OPEN PDU, as it can not be verified against any authority.  Hence it
+    is jokingly referred to as Married On First Date.  The assurance it
+    does provide is that subsequent signed PDUs are from the same peer.
+    And data integrity is a positive side effect of the signature.</t>
+
+    <t>The PKI-based method offers assurance that the certificate, and
+    hence the keying material, provided in the OPEN PDU are authorized
+    by a central authority, e.g. the Clos's network security team.  The
+    onward assurance of talking to the same peer and data integrity are
+    the same as in the TOFU method.</t>
+
+    <t>With the PKI-based method, automated device provisioning could
+    restrict which subsidiary certificates were allowed from which peers
+    on a per interface basis.  This would complicate key rolls.  Where
+    one draws the line between rigidity, flexibility, and security
+    varies.</t>
+    
    <t>The REKEY PDU is open to abuse to create an algorithm suite
    downgrade attack.</t>

@ -210,6 +229,12 @@
         
    </section>
  
+  <section anchor="acks" title="Acknowledgments">
+    
+    <t>The authors than Russ Housley for advice and review.</t>
+
+    </section>
+
  </middle>

 <back>