On Sun, Jul 04, 2021 at 08:45:05AM +0000, Ariel Almog wrote: > We are mostly interested in Annex P implementation and in particular > authentication TLV in high priority and ipsec. > > Can you share some information on current status, demand, and future plans?
I took a close look at the new security features, and I did develop an idea of both how to implement them and the effort involved. However, I have no immediate plans to work on this. Perhaps somebody else does... In any case, before there can be any talk of implementaion, there is a big open question on the 16.14 security mechanism. There are two flavors: 1. Immediate security processing 2. Delayed security processing (16.14.3.6 optional disclosedKey) #1 makes sense, but #2 does not make any sense at all. At least, I can't see how to use #2 in any practical way. I know how to implement #1, but I have doubts about #2. I think #2, as described in the standard, is totally useless. In the example in the standard, the disclosedKey arrives once per day. The question is, what does a client do when the disclosedKey invalidates the previously received messages? AFAICT, the client would be hopelessly lost. After all, you cannot simply "undo" 24 hours worth of synchronization. Thanks, Richard _______________________________________________ Linuxptp-devel mailing list Linuxptp-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linuxptp-devel
