With regard to control plane load, I think most of what you wanted is
already there, but take a read if you have a chance.
Your comments on the need for a full DDT security document reinforce my
feeling that we should remove the treatment from this document.
Yours,
Joel
On 12/13/2012 7:56 PM, Noel Chiappa wrote:
> From: "Joel M. Halpern" <[email protected]>
> The section is "Cache Overflow", so I figure it was safe for discussion
> to assume that there was insufficient space.
Ah, good point.
Still, I think the discussion in my note is probably worth putting in the ID
(if those points are not already there, my apologies if they are, I still
haven't had a chance to read it, sigh): in particular, the observation that
some of the issues (e.g. control plane load) which may not yet be handled do
have potential solutions but they require neither i) protocol changes, nor ii)
co-ordinated deployment of modified code, is probably very good to note.
I think showing that those issues have been analyzed, and we do have a
non-painful path for dealing with them, is something that would be useful to
have there, lest people think we blew the issue off.
> IN contrast, the security information for DDT can be included in that
> document.
Probably in a separate document paired with the DDT main spec and packet
formats, actually.
DDT security is going to be order of magnitude the same complexity as DNS
security (not too surprising, they do similar things, and have similar
securability requirements), and the complete description of all the operating
modes, etc is going to be, like that for DNS, a fair amount of material.
Noel
_______________________________________________
lisp mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lisp
