Hi Balaji,

A few clarification questions - I think it would be good to clarify these issues in the draft:

1. Since the label hopping mechanism relies on PTP, I understand that PTP traffic itself does not use label hopping, right?
2. Is there something preventing the attacker from attacking PTP, thus causing DoS to the data plane?
3. Is the "additional label" similar to an Integrity Check Value (ICV) computed over part of the packet header?
4. Is there something in your approach that would prevent an attacker from a replay attack?
5. Looking at "Algorithm 3" I was not sure: does the receiver check two consequent time slots? I could not see such a check. I am referring to a case where the sender transmits at the end of a time slot, and the packet is received at the beginning of the next time slot. That would mean the receiver has to be able to tolerate two concurrent time slots, right?
6. The security parameters K, TS, A, I are exchanged over a secure link, which basically assumes there is a pre-shared key between the peer PEs. A naive question would be: how is your approach better than just using a standard ICV, based on the existing pre-shared key?

Tal.

_______________________________________________
TICTOC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tictoc
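
The slot-boundary case raised in question 5, as an added illustration that is not code from the draft or from this message: it assumes the label is a truncated HMAC of the slot index under the shared key K with slot length TS. The derivation, the function names and the sample values are all assumptions.

```python
import hashlib
import hmac

LABEL_BITS = 20  # width of an MPLS label field


def slot_index(t: float, ts: float) -> int:
    """Index of the time slot of length ts (seconds) that contains time t."""
    return int(t // ts)


def derive_label(key: bytes, slot: int) -> int:
    """Assumed derivation (not the draft's): HMAC-SHA256 over the slot
    index, truncated to the 20 most significant bits."""
    mac = hmac.new(key, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") >> (32 - LABEL_BITS)


def receiver_accepts(key: bytes, label: int, recv_time: float,
                     ts: float, window: int = 1) -> bool:
    """Accept a label valid for the receiver's current slot or for any of
    the `window` preceding slots. window=0 is a strict single-slot check."""
    now = slot_index(recv_time, ts)
    first = max(0, now - window)
    return any(label == derive_label(key, s) for s in range(first, now + 1))


# Constructed sample values: shared key K and slot length TS of one second.
K = b"constructed-example-key"
TS = 1.0

if __name__ == "__main__":
    # Sender transmits 1 ms before the slot boundary, receiver sees the
    # packet 1 ms after it, so the two ends are in different slots.
    sent_at, received_at = 9.999, 10.001
    label = derive_label(K, slot_index(sent_at, TS))
    print("strict check  :", receiver_accepts(K, label, received_at, TS, window=0))
    print("two-slot check:", receiver_accepts(K, label, received_at, TS, window=1))
    # A label from a much older slot falls outside the tolerance window.
    stale = derive_label(K, slot_index(5.0, TS))
    print("stale label   :", receiver_accepts(K, stale, received_at, TS, window=1))
```

Widening `window` tolerates more delay and clock offset, at the cost of keeping each label acceptable for longer.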
