Hiya,

On 29/12/17 23:37, Donald Eastlake wrote:
> OLD
> However, [RFC7978],
> while it provides both authentication and encryption for point-to-
> point extended RBridge Channel messages, provides only authentication
> for multipoint RBridge Channel messages. Thus, there is little reason
> to use the [RFC7978] security mechanisms at this time. However, it is
> expected that a future document will provide for group keying; when
> that occurs, the use of RBridge Channel security will also be able to
> provide encryption and may be desirable.
>
> NEW
> [RFC7978] provides encryption only for point-to-point extended
> RBridge Channel messages so its encryption facilities are not
> applicable to this draft. However [RFC7978] provides stronger
> authentication than that currently provided in BFD. Thus, there is
> little reason to use the BFD security mechanisms if [RFC7978]
> authentication is in use. It is expected that a future TRILL
> document will provide for group keying; when that occurs, the use
> of [RFC7978] RBridge Channel security will be able to provide both
> encryption and authentication.

Were that change acceptable to the WG, I'd be supportive, and
it'd clearly solve what I thought was an issue with the current
spec.

Cheers,
S.

--
PGP key change time for me.
New-ID 7B172BEA; old-ID 805F8DA2 expires Jan 24 2018.
NewWithOld sigs in keyservers.
Sorry if that mucks something up;-)