Hi Brian/Dino,

The key material derivation proposed in draft-ietf-lisp-crypto is based on 
Diffie-Hellman which is not Quantum Computer resistant. There is some work 
underway to make IKE that uses DH for key derivation Quantum Computer safe. 
Might be a good idea to consider this for lisp-crypto as well.

Thanks,
-Amjad

From: Amjad Inamdar (amjads)
Sent: 03 November 2015 PM 12:33
To: '[email protected]'
Subject: LISP NAT Traversal

Hi,

It will be useful if LISP NAT traversal draft 
(draft-ermagan-lisp-nat-traversal) can elaborate on the following

1) Why LISP NAT traversal cannot be accomplished without RTR (another network 
entity) which has implications on deployability, complexity and latency. There 
are other protocols (e.g IKE/IPsec) that achieve NAT-D and NAT-T without the 
need for additional network entity.

2) Some more details on RTR deployment
- location of RTR in the LISP deployment like there are recommendations on 
PITR/PETR deployments
- is RTR shared across LISP sites behind NAT or each site needs a dedicated RTR
- what if RTR is behind another NAT (SP-NAT)

3) How is multiple-NAT handled (e.g. enterprise and SP NAT)

Thanks,
-Amjad Inamdar CISSP, CCNP R&S, CCNP Security, CCDP, CCSK
Senior Technical Leader
CSG PI Services Security - India

_______________________________________________
lisp mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lisp

Reply via email to