Hi,
'draft-ietf-lisp-eid-anonymity-00' does not mention any authentication
of the LISP-nodes/xTRs with the map-servers.

That way a man-in-the-middle attack can be run by sending bogus
map-requests with the MITM attacker's RLOCs.

I suggest allowing only CGA addresses.

Benefits:
1. Privacy: Dynamic eEIDs by re-keying
2. Reachability: Static eEIDs by static key-pairs allow direct
   connections without third-party services relaying (e.g. Facebook ;-) )
3. Security:
   1. Signed map-requests
   2. eEID-based authentication/authorization with static keypairs
      facilitates administration
      (e.g. road-warrior authentication/authorization can be done with
      a firewall by eEID filtering
      without any upper-layer authentication/authorization like
      usernames/passwords involved)

Privacy/security considerations:
1. Don't use dynamic and static eEIDs on the same RLOC!
2. Always use payload encryption to avoid deanonymisation by
   Deep-Packet-Inspection

Regards,
Renne
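
Added example, not part of the original message or of the draft: the address-to-key binding check that the CGA proposal above relies on, following the RFC 3972 generation and verification steps (SHA-1, Sec bits, u/g bits masked). It assumes an eEID is a full IPv6 address under a /64 prefix; the prefix, the key bytes and the function names are constructed for illustration, and verifying the map-request signature with the same key is a separate step not shown.

```python
import hashlib
import ipaddress
import os

ID_MASK = 0x1CFFFFFFFFFFFFFF  # skip the 3 Sec bits and the u/g bits (6, 7)
PREFIX = "2001:db8:0:1::/64"  # constructed documentation prefix
# Constructed stand-ins for DER-encoded public keys (not real keys).
KEY_STATIC, KEY_REKEYED = b"constructed-static-key", b"constructed-new-key"

def _hash1(modifier, pfx, collisions, pubkey):
    data = modifier + pfx + bytes([collisions]) + pubkey
    return int.from_bytes(hashlib.sha1(data).digest()[:8], "big")

def _hash2_ok(modifier, pubkey, sec):
    digest = hashlib.sha1(modifier + bytes(9) + pubkey).digest()
    return digest[:2 * sec] == bytes(2 * sec)  # 16*Sec leading zero bits

def _prefix_bytes(prefix):
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("CGA needs a /64 subnet prefix")
    return net.network_address.packed[:8]

def generate_eeid(prefix, pubkey, sec=0, modifier=None):
    """Derive (eEID, modifier) from a /64 prefix and an encoded public key."""
    pfx = _prefix_bytes(prefix)
    mod = int.from_bytes(os.urandom(16) if modifier is None else modifier, "big")
    while not _hash2_ok(mod.to_bytes(16, "big"), pubkey, sec):
        mod = (mod + 1) % (1 << 128)  # search for a modifier that fits Sec
    m = mod.to_bytes(16, "big")
    iid = (_hash1(m, pfx, 0, pubkey) & ID_MASK) | (sec << 61)
    return ipaddress.IPv6Address(pfx + iid.to_bytes(8, "big")), m

def verify_eeid(eeid, modifier, prefix, pubkey, collisions=0):
    """RFC 3972 verification: True only if eeid is bound to pubkey."""
    addr = ipaddress.IPv6Address(eeid).packed
    pfx = _prefix_bytes(prefix)
    if collisions not in (0, 1, 2) or len(modifier) != 16 or addr[:8] != pfx:
        return False
    iid = int.from_bytes(addr[8:], "big")
    if (_hash1(modifier, pfx, collisions, pubkey) ^ iid) & ID_MASK:
        return False
    return _hash2_ok(modifier, pubkey, iid >> 61)

if __name__ == "__main__":
    static, mod = generate_eeid(PREFIX, KEY_STATIC, modifier=bytes(16))
    fresh, _ = generate_eeid(PREFIX, KEY_REKEYED, modifier=bytes(16))
    print(static, fresh)  # re-keying yields a different eEID
    print(verify_eeid(static, mod, PREFIX, KEY_STATIC))   # key matches eEID
    print(verify_eeid(static, mod, PREFIX, KEY_REKEYED))  # spoofed binding
```

A static key pair with a stored modifier always reproduces the same eEID, while a new key pair gives an unrelated one, which is the static versus dynamic distinction the message draws.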