On Tue, May 13, 2014 at 7:31 PM, Ronald Bonica <[email protected]> wrote:
> Hi Roger,
>
> Or asked more explicitly, can the level of security claimed by the threats 
> document be achieved without implementing the protocol extensions described 
> in lisp-sec and lisp-crypto?

I've been pondering what to answer you since yesterday, but I think
the reply from Joel covers it well. However, as an add-on to Joel's reply
and partly as a reply to your question, see more inline.


On Tue, May 13, 2014 at 11:56 PM, Joel M. Halpern <[email protected]> wrote:
> Ron, I am having trouble with the question.
>
> The threats document describes the threats as they exist today, without the
> adoption of either document that Roger pointed to.  Thus, I do not see any
> dependence.
>
> If there is a threat that is not well described in the base spec or this
> document, then we should add it.  We should add it even if there are
> proposals to remediate it.  But if there is a clear proposal of a missing
> threat, I missed it.

Your question made me question the purpose of the LISP threats draft -
should it cover potential problems with RFC6830 and include pointers to
other work that covers them? That will imply we'll get a document
that will be updated over time, and is that a good thing?

The other way to look at the LISP threats document is to have it as a
"review" of RFC6830, point out weaknesses and discuss them but with no
references to other documents. It will be an upstream document that we
can refer to from, e.g., the two drafts I mention.

I don't think LISP threats should point to the two drafts I mention, but
both drafts should have a reference to LISP threats since this will
create a more stable threat document.



Then Dino mentioned:

On Tue, May 13, 2014 at 7:47 PM, Dino Farinacci <[email protected]> wrote:
<snip>
> The main LISP spec (RFC6830) indicates if you want to trust the mapping 
> system you can use the gleaned information as soon as you receive it. And if 
> you don't trust the mapping system, you can send a "verifying Map-Request" to 
> the mapping system which results in a signed Map-Reply returned ala 
> draft-ietf-lisp-sec-06.


Is this covered in the document? I didn't see it but it's still early here...



-- 

Roger Jorgensen           | ROJO9-RIPE
[email protected]          | - IPv6 is The Key!
http://www.jorgensen.no   | [email protected]
