Hi Joel,

On 3/5/15 5:37 AM, Joel M. Halpern wrote:
> I am not sure what would go in the introduction document that would
> address Radia's concern.
>
> Each mapping system document includes security considerations that are
> specific to that mapping system. The Original BGP based system has one
> set of properties, the DDT one (which we will be advancing after the
> blocking documents are cleared) as a different set. The introduction
> document is not a requirements document driving that work, but rather an
> explanation.

Agreed.

> I suppose we could add a short paragraph that notes that individual
> mapping systems need to address traffic misdirection threats, and that
> the mapping system interfaces (Map Servers and Map Resolvers, and the
> protocol between ITRs/ETRs and those components) need to address a
> multitude of security issues. But would that kind of text really help
> the introduction?
>

I think it would help by letting readers know that there are different security considerations for the different types of mapping systems.

> I very much don't want to see this document getting into the question of
> why not to use DNS as the mapping system, or a DNS clone, or ... One of
> the keys to the LISP design is that different mapping system designs can
> be and are being tried. One of the challenges in writing this
> introduction is to reflect the existing RFCs while allowing for the new
> work such as DDT that we know the working group plans so as not to
> obsolete this introduction.

I agree that this is not the document to get into the "use vs. not use" the DNS for mapping.

Regards,

Brian
