diff --git a/draft-ietf-lsvr-l3dl.xml b/draft-ietf-lsvr-l3dl.xml
index b675d8b..0aff603 100644
--- a/draft-ietf-lsvr-l3dl.xml
+++ b/draft-ietf-lsvr-l3dl.xml
@@ -685,8 +685,7 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
Ethernet frames.
@@ -704,9 +703,9 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AttrCount | Attribute List ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| Auth Type | Auth Length | ~
+| Auth Type | Key Length | ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~
-~ Authentication Data ... ~
+~ Key ... ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sig Type | Signature Length | ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~
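Review bot: The renamed row in the OPEN PDU diagram now mixes two naming schemes: "Auth Type" is kept while its companions become "Key Length" and "Key". A reader can no longer tell from the figure whether Auth Type describes the key, the signature algorithm, or an authentication method. Either rename the field to match (for example "Key Type") or state in the field description, next to the figure, what Auth Type selects now that the data it qualifies is a key.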
@@ -716,8 +715,8 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
The Payload Length is the number of octets in all fields of the
- PDU from the Nonce to the Authentication Data, excluding the Sig
- Type, the Signature Length, and the Signature.
+ PDU from the Nonce to the Key, excluding the Sig Type, the Signature
+ Length, and the Signature.
The Nonce enables detection of a duplicate OPEN PDU. It SHOULD
be either a random number or the time of day. It is needed to
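Review bot: "from the Nonce to the Key" does not say whether the range is inclusive, and it has no defined end when no Key is present (the text elsewhere in this patch allows Auth Type and Key Length to both be zero). Since Payload Length bounds what a receiver parses before the signature fields, suggest wording such as "from the Nonce through the Key, inclusive, or through the Key Length when no Key is present", so that two implementations cannot compute different lengths for the same PDU.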
@@ -737,18 +736,16 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
datacenter; hence there is no global registry. Nodes exchange
their attributes only in the OPEN PDU.
- Auth Type is the Signature algorithm type, see Auth Type is the Signature algorithm suite, see .
- Auth Length is a 16-bit field denoting the length in octets of
- the Authentication Data, not including the Auth Type or the Auth
- Lengths. If there are no Authentication Data, the Auth Type and
- Auth Length MUST both be zero.
+ Key Length is a 16-bit field denoting the length in octets of the
+ Key, not including the Auth Type or the Key Lengths. If there is no
+ Key, the Auth Type and key Length MUST both be zero.
- The Authentication Data are specific to the operational
- environment. A failure to authenticate is a failure to start the
- L3DL session, an ERROR PDU is sent (Error Code 2), and HELLOs MUST
- be restarted.
+ The Key is specific to the operational environment. A failure to
+ authenticate is a failure to start the L3DL session, an ERROR PDU is
+ sent (Error Code 2), and HELLOs MUST be restarted.The Signature fileds are described in and in
an asymmetric key environment serve as a proof of possession of the
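Review bot: The new Key Length paragraph has inconsistent field names: "the Key Lengths" (plural) and "key Length" (lower case) should both read "Key Length". In the last added line, "restarted.The Signature fileds" is missing a space after the period and "fileds" should be "fields". The paragraph also still says "A failure to authenticate" without saying how a receiver authenticates with the Key now that the Authentication Data is gone; one sentence on what the receiver checks the Key against would make the Error Code 2 condition testable.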
@@ -1205,7 +1202,7 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
| Sig Type | Signature Length | ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~
~ Signature ... ~
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
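Review bot: The replacement ruler line contains a doubled hyphen ("+--+") partway along, so it no longer matches the "+-+-" pattern of the other rulers in this figure and the bit columns will not line up. If the intent was only to shorten or realign the closing border, re-type it as a plain "+-+-" run of the required width.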
@@ -1222,56 +1219,6 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
-
-
- Modern key management allows for agility in 'rolling' to a new
- key or even algorithm in case of key compromise or merely prudence.
- Declaring a new key with an L3DL OPEN PDU would cause serious churn
- in topology as a new OPEN causes a withdraw of previously announced
- encapsulations. Therefore, a gentler rekeying is needed.
-
-
-
-
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| Type = 8 | Payload Length | New Auth Type |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| New Auth Length | ~
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
-~ New Authentication Data ... | Old Sig Type |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| Old Signature Length | ~
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
-~ Old Signature ... |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-
-
- The New Auth Type, New Auth Length, and New Authentication Data
- fields declare the replacement algorithm and key.
-
- The NEWKEY PDU is signed using the current (soon to be old)
- algorithm and key.
-
- To avoid possible race conditions, the receiver SHOULD accept
- signatures using either the new or old key for a configurable time
- (default 30 seconds). This is intended to accommodate situations
- such as senders with high peer out-degree and a single per-device
- asymmetric key.
-
- If the sender does not receive an ACK in the normal window,
- including retransmission, then the sender MAY choose to allow a
- session reset by either issuing a new OPEN or by letting the
- receiver eventually have a signature failure (error code 3) on a
- PDU.
-
-
-
Layer 2 liveness may be continuously tested by KEEPALIVE PDUs,
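Review bot: Deleting the NEWKEY section removes the only rekeying mechanism without saying what replaces it. The deleted text itself notes that declaring a new key with an OPEN "would cause serious churn in topology as a new OPEN causes a withdraw of previously announced encapsulations", so after this change a key roll, including one forced by key compromise, implies a session reset. Suggest adding a short statement, here or in Security Considerations, that key rollover requires a new OPEN and describing the operational impact, so operators do not assume in-session rekeying is still available.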
@@ -1457,19 +1404,18 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
PDU
- Code PDU Name
- ---- -------------------
- 0 HELLO
- 1 OPEN
- 2 KEEPALIVE
- 3 ACK
- 4 IPv4 Announce / Withdraw
- 5 IPv6 Announce / Withdraw
- 6 MPLS IPv4 Announce / Withdraw
- 7 MPLS IPv6 Announce / Withdraw
- 8 NEWKEY
- 9-254 Reserved
- 255 VENDOR
+ Code PDU Name
+ ---- -------------------
+ 0 HELLO
+ 1 OPEN
+ 2 KEEPALIVE
+ 3 ACK
+ 4 IPv4 Announce / Withdraw
+ 5 IPv6 Announce / Withdraw
+ 6 MPLS IPv4 Announce / Withdraw
+ 7 MPLS IPv6 Announce / Withdraw
+ 8-254 Reserved
+ 255 VENDOR
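Review bot: Code 8 is folded back into the Reserved range ("8-254 Reserved") after having been assigned to NEWKEY in the previous revision. Implementations built from the earlier draft may still send or expect type 8, so consider listing 8 separately as deprecated or "Reserved (was NEWKEY)" to avoid it being reassigned to a different PDU later. The remaining rows appear to differ only in whitespace, which makes the real change hard to spot; keeping the original indentation would reduce the hunk to the two lines that matter.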
@@ -1497,9 +1443,9 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
Bit Bit Name
---- -------------------
- 0 Primary
- 1 Loopback
- 2-7 Reserved
+ 0 Primary
+ 1 Loopback
+ 2-7 Reserved
@@ -1513,10 +1459,10 @@ uint32_t sbox_checksum_32(const uint8_t *b, const size_t n)
Error
Code Error Name
---- -------------------
- 0 Reserved
- 1 Logical Link Addressing Conflict
- 2 Authorisation Failure in OPEN
- 3 Signature Failure in PDU
+ 0 Reserved
+ 1 Logical Link Addressing Conflict
+ 2 Authorisation Failure in OPEN
+ 3 Signature Failure in PDU
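Review bot: The rows in this hunk appear to change only in whitespace, but since the table is being touched, note that Error Code 2 is named "Authorisation Failure in OPEN" while the OPEN text in this same patch describes it as "A failure to authenticate". Authentication and authorisation are different checks; pick one term and use it in both the table and the OPEN description so implementers know which condition raises code 2.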