Section 4.3 talks about geo coordinates. I think I understand that these coordinates may give the location of a device. Is there any expectation that said device can be associated with a person? The security considerations mention this briefly. Have the working group considered whether the guidance in RFC 6280/BCP 160 is applicable here?

A mapping database entry could identify an individual. We think that confidentiality of the control-plane could be used for protecting data in transit from LISP site to the mapping system. For retrieving information from the mapping system, the transport can provide confidentiality protection but also who can access the information.

How about I put a reference to RFC6280/BCP160 in the Security Considerations section?

That's not really what I had in mind. RFC6280 has considerations that apply to the design of protocols that can transfer location objects, not just their use or implementation. My question was whether the working group had considered whether they apply to this document. I'm not saying that they do; I am not an expert on LISP, and maybe this data doesn't get sent or used in a way that matters from the perspective of RFC 6280. But I would hope that the working group has or will make an informed decision about that.



