Hello Ana, Suresh and Sheng,
I've read your draft and find it is in good shape.
However, in the following text, I have a small comment:
    extensions. For example, an attack against the IP address extension
    would enable the router to advertize the changed IP prefix range,
    although, not broader than the prefix range of the parent certificate
    in the ADD chain.
RFC 3971 does not mandate the use of IP prefix range (or address) (it is
a "should"). Maybe you could add "if used in the original certificate".
Also, can you update the following references?
[sig-agility]
Cheneau, T., Maknavicius, M., Shen, S., and M. Vanderveen,
"Signature Algorithm Agility in the Secure Neighbor
Discovery (SEND) Protocol",
draft-cheneau-csi-send-sig-agility-00 (work in progress),
October 2009.
Regards,
Tony
_______________________________________________
CGA-EXT mailing list
https://www.ietf.org/mailman/listinfo/cga-ext