Not sure where to start but here we go. In short - on the background of that draft, I think it's quite disrespectful what you have gone and done. That's how _I_ see it.

On the technical part, IPSec is nothing new, but I'm not going to comment on that.

Some months ago I contacted Dino and started to discuss how we could encrypt all traffic between xTRs without involving the users at all. Or there could be an option for the EID-space holder to tell the mapping system that he only would accept encrypted traffic, or only some encryptions. I thought we could get something done and that work is in Dino's draft. And that's where _I_ started.

During my discussion with Dino he involved other people, including you. I understood there was some previous work in progress and we were discussing merging all that into one draft that you should write together with Dino and me. Then you went silent for weeks, I got no spare time so Dino went and wrote it all himself, that's Dino's draft.

And now you show up with a draft with your name on, Dino has asked his to be removed for obvious reason since we've worked on his draft for quite some time now. You could have told us some weeks/months ago that you were working on a draft on your own, that's the least _I_ would have expected.

Any future comments/involvement from my side will be on technical things.

--- Roger J ---

On Mon, Mar 3, 2014 at 7:13 PM, Edward Lopez <[email protected]> wrote:
> First off, I apologize to all for my absence on the mailing list,
> particularly Dino. My company is relatively new to IETF WG participation,
> and there were some backend discussions I had to have back at corporate to
> ensure that I was both in compliance with the IETF Note Well, as well as my
> company's internal IP processes. This has been resolved, and I will be
> resuming active participation on the list.
>
> At the time, I was working with Dino on crypto solutions for LISP. Enclosed
> is my draft regarding opportunistic encryption for LISP.
> While there are significant similarities with regard to the goals of one
> exchange of key material, non-reliance on PKI, nor storing keys on the
> mapping system, I proposed the use of IPSec ESP in transport mode for the
> actual encryption of packets between xTRs, as opposed to developing support
> for encryption within the LISP protocol itself. I feel this has significant
> advantages toward ease of deployment and hardware acceleration, as well as
> support for multiple available encryption/hash algorithms.
>
> The use of the security type (11) LCAF is very similar, except I propose
> that the Key Algorithm field be used to support encryption/hash algorithm
> sets, rather than individual algorithms. In this way, we can use Key Count
> values to signify ITF preferences.
>
> Another significant difference is that this draft makes use of the R-bit to
> signal when Keys should be revoked, and can be used locally by xTRs to
> signal expiry conditions such as lifetime, peer detection failure, etc.
>
> Thanks!
>
> Ed Lopez
>
> _______________________________________________
> lisp mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/lisp

--
Roger Jorgensen | ROJO9-RIPE
[email protected] | - IPv6 is The Key!
http://www.jorgensen.no | [email protected]
