Hi Brian/Dino, The key material derivation proposed in draft-ietf-lisp-crypto is based on Diffie-Hellman which is not Quantum Computer resistant. There is some work underway to make IKE that uses DH for key derivation Quantum Computer safe. Might be a good idea to consider this for lisp-crypto as well.
Thanks, -Amjad From: Amjad Inamdar (amjads) Sent: 03 November 2015 PM 12:33 To: '[email protected]' Subject: LISP NAT Traversal Hi, It will be useful if LISP NAT traversal draft (draft-ermagan-lisp-nat-traversal) can elaborate on the following 1) Why LISP NAT traversal cannot be accomplished without RTR (another network entity) which has implications on deployability, complexity and latency. There are other protocols (e.g IKE/IPsec) that achieve NAT-D and NAT-T without the need for additional network entity. 2) Some more details on RTR deployment - location of RTR in the LISP deployment like there are recommendations on PITR/PETR deployments - is RTR shared across LISP sites behind NAT or each site needs a dedicated RTR - what if RTR is behind another NAT (SP-NAT) 3) How is multiple-NAT handled (e.g. enterprise and SP NAT) Thanks, -Amjad Inamdar CISSP, CCNP R&S, CCNP Security, CCDP, CCSK Senior Technical Leader CSG PI Services Security - India
_______________________________________________ lisp mailing list [email protected] https://www.ietf.org/mailman/listinfo/lisp
