diff --git a/draft-ymbk-lsvr-l3dl-signing.xml b/draft-ymbk-lsvr-l3dl-signing.xml index 9a33a7f..1b765a7 100644 --- a/draft-ymbk-lsvr-l3dl-signing.xml +++ b/draft-ymbk-lsvr-l3dl-signing.xml @@ -11,7 +11,7 @@ - + @@ -31,7 +31,7 @@ - + --> Arrcus, Inc. @@ -88,13 +88,13 @@ other drafts can reference it. While all comments will, of course, be appreciated, readers may want to wait for the -01 version. - The Layer 3 Discovery and Liveness protocol [old ref because - new draft not yet pushed] OPEN - PDU contains an algorithm specifier, a key, and a certificate, - which can be used to verify signatures on subsequent PDUs. This - document describes two methods of key generation and signing for - use by L3DL, Trust On First Use (TOFU) and a PKI-based mechanism - to provide authentication as well as session integrity. + The Layer 3 Discovery and Liveness protocol OPEN PDU contains an algorithm + specifier, a key, and a certificate, which can be used to verify + signatures on subsequent PDUs. This document describes two methods + of key generation and signing for use by L3DL, Trust On First Use + (TOFU) and a PKI-based mechanism to provide authentication as well + as session integrity. The Key in the OPEN PDU SHOULD be the public key of an asymmetric key pair. The sender signs with the private key, of course. The @@ -308,7 +308,7 @@ We use the term "certificate" here in the generic sense. These are not X.509 certificates: X.509 is much more complicated than - we need for I3DL. The certificates used here are just + we need for L3DL. The certificates used here are just signatures of one key (the session key supplied in the Key field of the OPEN PDU) by another key (the trust anchor).
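Review bot: In the hunk at -88,13, the last sentence of the rewritten paragraph, "Trust On First Use (TOFU) and a PKI-based mechanism to provide authentication as well as session integrity", can be read two ways: either both methods provide authentication, or only the PKI-based one does. A key accepted on first use is not authenticated at first contact, so the sentence should say which property each method provides, for example by ending the lead clause with a colon after "L3DL" and giving each method its own clause. Two smaller points on the same lines: "L3DL" is used without being introduced, so the first sentence could read "The Layer 3 Discovery and Liveness (L3DL) protocol OPEN PDU"; and with the "[old ref because new draft not yet pushed]" placeholder removed, no citation is visible on the protocol name in the new text, so confirm the reference to the L3DL draft is still present.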
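Review bot: The "I3DL" to "L3DL" correction in the hunk at -308,7 fixes a single occurrence, and this diff touches no other instance, so search the rest of the file for the same misspelling before pushing. In the same paragraph, "just signatures of one key (the session key supplied in the Key field of the OPEN PDU) by another key (the trust anchor)" does not say exactly what data the signature covers; if that is specified elsewhere in the document, a pointer to that section here would help implementers.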