I may have misread the discussion.
I was commenting only on the one topic of gleaning. I was leaving it to
the authors to respond to your other comments.
Yours,
Joel
On 5/15/14, 5:39 PM, Ross Callon wrote:
I raised a list of problems. They are not all already mentioned in the threats
document (eg, note the privacy issue at the end of my detailed email).
Ross
-----Original Message-----
From: Joel Halpern Direct [mailto:[email protected]]
Sent: Thursday, May 15, 2014 2:29 PM
To: Ronald Bonica; Joel M. Halpern; Roger Jørgensen; Ross Callon
Cc: [email protected]
Subject: Re: [lisp] Restarting last call on LISP threats
The threats document does not specify how to resolve the threats. It
identifies problems. In this particular case, it already identifies the
problem that Ross raised. Quite clearly.
There is no dependence on the documents Roger pointed to. They are ways
of remediating the threat.
Yours,
Joel
On 5/15/14, 2:15 PM, Ronald Bonica wrote:
Joel,
The threats document should not depend on lisp-sec or lisp-crypto.
However, Roger's response did rely on those documents (see his
response, below).
So, we are left to explore whether something was omitted from the
threats document. Standby for my response to Roger.
Ron
-----Original Message----- From: Joel M. Halpern
[mailto:[email protected]] Sent: Tuesday, May 13, 2014 5:57 PM
To: Ronald Bonica; Roger Jørgensen; Ross Callon Cc: [email protected]
Subject: Re: [lisp] Restarting last call on LISP threats
Ron, I am having trouble with the question.
The threats document describes the threats as they exist today,
without the adoption of either document that Roger pointed to.
Thus, I do not see any dependence.
If there is a threat that is not well described in the base spec or
this document, then we should add it. We should add it even if
there are proposals to remediate it. But if there is a clear
proposal of a missing threat, I missed it.
Yours, Joel
On 5/13/14, 1:31 PM, Ronald Bonica wrote:
Hi Roger,
Or asked more explicitly, can the level of security claimed by
the threats
document be achieved without implementing the protocol extensions
described in lisp-sec and lisp-crypto?
Ron
-----Original Message----- From: Ronald Bonica Sent: Tuesday,
May 13, 2014 1:22 PM To: 'Roger Jørgensen'; Ross Callon Cc:
[email protected] Subject: RE: [lisp] Restarting last call on LISP
threats
Hi Roger,
Can this draft stand on its own, without integrating content
from the documents that you reference?
Ron
There exist two draft that are relevant to what you address.
You have
https://datatracker.ietf.org/doc/draft-farinacci-lisp-crypto/
where the payload of a LISP encapsulated packet are encrypted. None
of the keys for encrypting/decrypting are stored in the
mapping system but is calculated by the xTR's involved. Then
you have
https://datatracker.ietf.org/doc/draft-ietf-lisp-sec/ that
attempts to secure the xTR to xTR relationship.
--
_______________________________________________ lisp mailing
list [email protected] https://www.ietf.org/mailman/listinfo/lisp
_______________________________________________
lisp mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lisp
