> Section 4.3 talks about geo coordinates. I think I understand that these
> coordinates may give the location of a device. Is there any expectation
> that said device can be associated with a person? The security
> considerations mention this briefly. Have the working group considered
> whether the guidance in RFC 6280/BCP 160 is applicable here?
A mapping database entry could identify an individual. We think that
confidentiality of the control-plane could be used for protecting data in
transit from LISP site to the mapping system. For retrieving information from
the mapping system, the transport can provide confidentiality protection but
also who can access the information.
How about I put a reference to RFC6280/BCP160 in the Security Considerstaions
lisp mailing list