Hi Erik, I see your point. The draft assumes a security association between the ITR and the MS in order to authenticate the Map-Notifies. I think this addresses your valid concern on spoofed Map-Notifies. How this security association is established is a different discussion :)
Note also that, ideally, the Map-Notifies sent as publications should each have a different nonce so the MS can easily correlate them with the Map-Notify-Acks received as responses.

Best,
Alberto

On Thu, Nov 16, 2017 at 11:17 PM, Erik Nordmark <[email protected]> wrote:
> On 11/17/2017 10:49 AM, Alberto Rodriguez-Natal wrote:
>>
>> Just to clarify what was discussed in the meeting. The nonce used in
>> the Map-Request requesting the subscription will be used in the
>> Map-Notify that confirms the subscription. This is at top of page 6 in
>> the draft.
>>
>> Similarly, a Map-Notify sent as publication will be ack'ed by a
>> Map-Notify-Ack using its nonce.
>
>
> Alberto,
>
> My understanding from Dino's comment at the make was that in his
> implementation the map-notify has the nonce from the original map-request.
>
> The reason I asked about this is that there are some additional security
> benefits if the map-notify has a nonce which corresponds to what the xTR had
> sent in the map-request. Otherwise you need some other mechanism to guard
> against receiving spoofed map-notifies.
>
> Erik
>
>>
>> https://tools.ietf.org/html/draft-rodrigueznatal-lisp-pubsub-01
>>
>> Thanks,
>> Alberto
>>
>> _______________________________________________
>> lisp mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/lisp
>>
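The nonce handling discussed in this thread, as an added example that is not part of the thread, the draft, or any LISP implementation: a simplified Python model in which the xTR accepts a subscription Map-Notify only if it echoes the nonce of its own Map-Request, each publication Map-Notify carries a fresh nonce that its Map-Notify-Ack returns so the MS can correlate them, and an HMAC over the message stands in for the MS-xTR security association the draft assumes. The message dicts, field names and shared key are constructed for illustration and are not the LISP control-plane wire format.

```python
import hashlib, hmac, json, secrets
def _auth(key, msg):
    """Tag over all fields but 'auth'; stands in for the MS-xTR security association."""
    body = json.dumps({k: v for k, v in msg.items() if k != "auth"}, sort_keys=True)
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

class XTR:
    def __init__(self, key):
        self.key = key
        self.pending = {}    # nonce -> EID-prefix of an outstanding subscription Map-Request
        self.mappings = {}   # EID-prefix -> latest mapping accepted from the MS

    def subscribe(self, eid):
        nonce = secrets.randbits(64)   # fresh 64-bit nonce for this Map-Request (constructed)
        self.pending[nonce] = eid
        return {"type": "Map-Request", "nonce": nonce, "eid": eid, "subscribe": True}

    def on_map_notify(self, msg):
        """Return the Map-Notify-Ack for an accepted Map-Notify, or None if it is dropped."""
        if not hmac.compare_digest(msg.get("auth", ""), _auth(self.key, msg)):
            return None                      # fails the security-association check
        nonce = msg["nonce"]
        if nonce in self.pending:            # confirmation must echo our request nonce
            self.mappings[self.pending.pop(nonce)] = msg["mapping"]
        elif msg["eid"] in self.mappings:    # publication for a prefix we subscribed to
            self.mappings[msg["eid"]] = msg["mapping"]
        else:
            return None                      # unknown nonce, no subscription: spoofed or stale
        return {"type": "Map-Notify-Ack", "nonce": nonce}

class MapServer:
    def __init__(self, key):
        self.key = key
        self.unacked = {}   # nonce -> EID-prefix of a publication awaiting its Map-Notify-Ack

    def _notify(self, nonce, eid, mapping):
        msg = {"type": "Map-Notify", "nonce": nonce, "eid": eid, "mapping": mapping}
        msg["auth"] = _auth(self.key, msg)
        return msg

    def on_map_request(self, req, mapping):   # confirmation echoes the request nonce
        return self._notify(req["nonce"], req["eid"], mapping)

    def publish(self, eid, mapping):
        nonce = secrets.randbits(64)          # distinct nonce per publication
        self.unacked[nonce] = eid
        return self._notify(nonce, eid, mapping)

    def on_ack(self, ack):
        return self.unacked.pop(ack["nonce"], None)   # EID-prefix acked, or None
```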
