Dino,
Don't you always have to trust the mapping system?
Did you mean to say, "If you want to trust the originator of the gleaned
information, ...." ?
Ron
> -----Original Message-----
> From: lisp [mailto:[email protected]] On Behalf Of Dino Farinacci
> Sent: Tuesday, May 13, 2014 1:47 PM
> To: Ross Callon
> Cc: Roger Jorgensen; [email protected]
> Subject: Re: [lisp] Restarting last call on LISP threats
>
> > Thus if we assume that draft-ietf-lisp-sec-06 works, then what we hear
> back from the mapping system should be correct (or should be equally
> reliable to what we hear back from the DNS system today, and we do today
> rely on DNS when we are contacting our bank or brokerage service to
> conduct financial transactions).
>
> The main LISP spec (RFC6830) indicates if you want to trust the mapping
> system you can use the gleaned information as soon as you receive it. And if
> you don't trust the mapping system, you can send a "verifying Map-Request"
> to the mapping system which results in a signed Map-Reply returned ala
> draft-ietf-lisp-sec-06.
>
> Dino
>
> _______________________________________________
> lisp mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/lisp
_______________________________________________
lisp mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lisp
