Duly noted. At this point I think we'll wait for direction from the AD. I expect other points will come up from the IESG.

Regards
Brian

On 03/05/2017 14:32, Martin Thomson wrote:
> You seem to have covered the other points well enough. I won't say
> that I'm happy with the security story; I would strongly prefer that
> you at least say that unicast messages are added to TLS.
>
> In fact, here's an idea: use TLS for unicast always and leave the
> rules about what authentication is offered and accepted to the other
> documents. Then you only have the link-local multicast stuff in the
> clear.
>
> On the topic of link-local multicast, you definitely want text in
> "3.5.4.5. Rapid Mode (Discovery/Negotiation binding)" on the
> implications for security. I would prefer that you forbid triggering
> a negotiation during a multicast discovery because it lacks any form
> of protection.
>
> On 3 May 2017 at 11:58, Brian E Carpenter <[email protected]> wrote:
>> I must say I hadn't thought of RTT as an issue, because we tend to assume
>> that the timescale for an autonomic action will be far greater than
>> an RTT, so timeouts will be milliseconds to seconds, and RTTs within
>> the autonomic domain will be sub-millisecond in many cases.
>
> Ahh, I always assume that machines work faster than the network, so
> the opposite really..
>
>> Are you suggesting we should be able to reduce the timeout as well?
>
> Can't it already do that? I mean, it can't account for any time
> already spent waiting, but it could include the value 0, which means
> don't wait any more when you receive this (a nonsensical thing here,
> but it demonstrates that a reduction is possible).
