Hello Stephen, thanks for your comment.
Existing DDT implementations are already using RSA-SHA1, so we cannot simply replace it with RSA-SHA256. But we should be able to add the latter as another signing algorithm.
Authors will take in your comments in the next revision of the draft.

Anton

On Thursday 27 October 2016 14:44, Stephen Farrell wrote:
Stephen Farrell has entered the following ballot position for draft-ietf-lisp-ddt-08: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-lisp-ddt/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

6.4.1: RSA-SHA1 is not the right choice today, shouldn't this be RSA-SHA256?

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

- 6.4.1: Can you clarify what bits are signed? I'm not quite sure from the description given - you can have more than one signature but you say the "entire record" is covered.

- Section 8: Where's signature validation in the pseudo-code?
_______________________________________________
lisp mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lisp
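The approach Anton describes, keeping RSA-SHA1 for deployed signers and adding RSA-SHA256 as a second algorithm identified in the signature, as an added Go example that is not part of the thread or of any LISP-DDT implementation; the algorithm id values, the signing of the record body as one byte string and the allowSHA1 policy switch are assumptions made for the example:

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1"   // registers crypto.SHA1
	_ "crypto/sha256" // registers crypto.SHA256
	"fmt"
)

// Algorithm ids carried with a signature; values are an assumption for this example, not draft ids.
const (
	AlgRSASHA1   uint8 = 1 // legacy, already deployed
	AlgRSASHA256 uint8 = 2 // added alongside RSA-SHA1, not replacing it
)

var hashes = map[uint8]crypto.Hash{AlgRSASHA1: crypto.SHA1, AlgRSASHA256: crypto.SHA256}

// NewKey is a helper so the example runs offline with a throwaway key.
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// digest hashes the entire record body with the hash named by alg.
func digest(alg uint8, body []byte) (crypto.Hash, []byte, error) {
	h, ok := hashes[alg]
	if !ok {
		return 0, nil, fmt.Errorf("unknown signing algorithm %d", alg)
	}
	hh := h.New()
	hh.Write(body)
	return h, hh.Sum(nil), nil
}

// Sign produces a PKCS#1 v1.5 signature over the whole record body.
func Sign(key *rsa.PrivateKey, alg uint8, body []byte) ([]byte, error) {
	h, d, err := digest(alg, body)
	if err != nil {
		return nil, err
	}
	return rsa.SignPKCS1v15(rand.Reader, key, h, d)
}

// Verify dispatches on alg: old RSA-SHA1 records still validate while new ones use
// RSA-SHA256; allowSHA1=false lets a verifier phase the legacy algorithm out by policy.
func Verify(pub *rsa.PublicKey, alg uint8, body, sig []byte, allowSHA1 bool) error {
	if alg == AlgRSASHA1 && !allowSHA1 {
		return fmt.Errorf("RSA-SHA1 signature rejected by policy")
	}
	h, d, err := digest(alg, body)
	if err != nil {
		return err
	}
	return rsa.VerifyPKCS1v15(pub, h, d, sig)
}

func main() {
	key, _ := NewKey()
	sig, _ := Sign(key, AlgRSASHA256, []byte("constructed record")) // constructed sample body
	fmt.Println(Verify(&key.PublicKey, AlgRSASHA256, []byte("constructed record"), sig, false))
}
```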
