You seem to have covered the other points well enough. I won't say that I'm happy with the security story; I would strongly prefer that you at least say that unicast messages are added to TLS.
In fact, here's an idea: use TLS for unicast always and leave the rules about what authentication is offered and accepted to the other documents. Then you only have the link-local multicast stuff in the clear. On the topic of link-local multicast, you definitely want text in "3.5.4.5. Rapid Mode (Discovery/Negotiation binding)" on the implications for security. I would prefer that you forbid triggering a negotiation during a multicast discovery because it lacks any form of protection. On 3 May 2017 at 11:58, Brian E Carpenter <[email protected]> wrote: > I must say I hadn't thought of RTT as an issue, because we tend to assume > that the timescale for an autonomic action will be far greater than > an RTT, so timeouts will be milliseconds to seconds, and RTTs within > the autonomic domain will be sub-millisecond in many cases. Ahh, I always assume that machines work faster than the network, so the opposite really.. > Are you suggesting we should be able to reduce the timeout as well? Can't it already do that? I mean, it can't account for any time already spent waiting, but it could include the value 0, which means don't wait any more when you receive this (a nonsensical thing here, but it demonstrates that a reduction is possible). _______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
