Hello Mirja,

thanks for your comment. Since LISP/DDT was conceived to be used on
the public Internet, security concerns are very important and were taken
very seriously. The authors believe that the trust delegation scheme
specified in the document provides a very good mechanism to verify
the authenticity of DDT messages.

The system obviously remains potentially vulnerable to (D)DoS
attacks overloading DDT nodes with non-authenticated requests.
Most of the security concerns are inherited from LISP-SEC and are being
discussed in the corresponding draft.

The authors are planning to enhance the security section of the draft in the
next revision, mostly to clarify the calculation and verification of signatures.

Anton

On Thursday 27 October 2016 12:06, Mirja Kuehlewind wrote:
Mirja Kühlewind has entered the following ballot position for
draft-ietf-lisp-ddt-08: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.
The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-lisp-ddt/
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
Would it be worth it to potentially think about/document potential
attacks against this system? I didn't think myself about what such an
attack could look like, but given that location and identity are potentially
sensitive data it might be worth it...