ccamp-9----Page:6
Changes in 01 draft (1)
Add new design team member: Rich Graveman
Modified draft with many suggestions by Rich, Sam, Adrian, and others since IETF 68.
Indicate that the boundaries of a trust domain should be carefully defined when analyzing the security properties of each individual network, e.g., the boundaries can be at the link termination, remote peers, areas, or quite commonly, ASes.
Encrypting for confidentiality must be accompanied by cryptographic integrity checks to prevent certain active attacks against the encrypted communications.
Emphasis on the importance of key management, which may be more demanding in terms of both computational and administrative overhead. It is important to bind the authentication to the key management for the encryption. Otherwise the protocol is vulnerable to being hijacked between the authentication and key management.