stackevo / spudreq

Substrate Protocol for User Datagrams (SPUD) Requirements

Authentication #5

Open ekr opened 9 years ago

ekr commented 9 years ago

"Authentication: : SPUD must not require authentication. Therefore any information that is provided in the basic SPUD protocol (without any extensions) must not require a trust relationship. However, if a trust relation already exists, SPUD should support the exchange of authenticated information."

This probably needs a rewrite, since any middle-to-end information that the endpoint acts on needs some minimal authentication of being on-path.

calvert commented 9 years ago

I submitted a pull request for a slight rewrite of this, before I read this comment. I also was thinking more of end-to-middle authentication, although I think my suggested text is direction-agnostic. I generally read "cryptographic authentication" when I see "authentication". Are non-crypto methods feasible for a middlebox to prove it's on-path? (And in a world of NFV and SFC, what does "on-path" really mean?)

britram commented 9 years ago

I think 8d61ae addresses this point satisfactorily ("tradeoffs in integrity protection" as well as new text about proof of topology)