Yep, that fills in the details nicely. I started from "we should be
able to bootstrap the security through lisp-sec".
Yours,
Joel
On 3/31/2020 8:27 PM, Dino Farinacci wrote:
> Sorry, yes, it is the MS, not the MR, who provides the information to construct
> the key, since it is the MS who is generating the notifies. Sorry I still cross
> them up.
Oh good. That is more clear now. So if you are saying this:
(1) Use LISP-sec as defined today.
(2) Have the MS wrap some new key material with the MS-OTK and pass it to the
ETR.
(3) The ETR replies as it does today but we have new protected key material in
the Map-Reply.
(4) The MS stores the new key-material.
(5) The ITR generates the new key-material because it can unwrap the MS-OTK
that is derived from the ITR-OTK.
(6) Any subsequent unsolicited Map-Notify messages from the MS (for an
RLOC-change) are signed with the new key-material, which the ITR can verify
since it has the new key-material from step (5).
That is a shared-key created with the pair of OTKs. I think that can work.
Fabio needs to verify.
I know you didn’t say all these details but I’m progressing your point, for
discussion.
Dino
_______________________________________________
lisp mailing list
lisp@ietf.org
https://www.ietf.org/mailman/listinfo/lisp
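The six-step bootstrap Dino sketches, walked through in code as an added illustration (not from the thread, the LISP-SEC spec, or any implementation). The KDF labels, the XOR-with-keystream wrap, and the HMAC-SHA256 Map-Notify tag are simplifying assumptions chosen so the flow runs offline; the point shown is that the ITR ends up holding the same notify key as the MS without the ETR ever learning it, and that a Map-Notify under any other key fails verification.

```python
import hmac
import hashlib

def kdf(key: bytes, label: bytes) -> bytes:
    """Assumed KDF: HMAC-SHA256 keyed with `key` over a fixed label."""
    return hmac.new(key, label, hashlib.sha256).digest()

def wrap(wrapping_key: bytes, material: bytes) -> bytes:
    """Simplified key wrap (assumption): XOR with a keystream derived from the
    wrapping key. Only the holder of MS-OTK can recover `material`."""
    keystream = kdf(wrapping_key, b"wrap")
    assert len(material) <= len(keystream), "material longer than one block"
    return bytes(m ^ k for m, k in zip(material, keystream))

unwrap = wrap  # XOR is its own inverse

def bootstrap_notify_key(itr_otk: bytes, new_key_material: bytes) -> dict:
    """Steps (1)-(5): MS wraps new key material with MS-OTK, ETR relays it in
    the Map-Reply, ITR derives MS-OTK from ITR-OTK and unwraps it."""
    # (1) LISP-SEC as today: MS derives MS-OTK from the ITR-OTK it received.
    ms_otk_at_ms = kdf(itr_otk, b"MS-OTK")
    # (2) MS wraps the fresh key material with MS-OTK and passes it to the ETR.
    wrapped = wrap(ms_otk_at_ms, new_key_material)
    # (3) ETR copies the protected blob into its Map-Reply; it cannot read it.
    map_reply = {"eid_record": "constructed-eid-prefix", "wrapped_key": wrapped}
    # (4) MS stores new_key_material for later Map-Notify signing.
    ms_store = {"notify_key": new_key_material}
    # (5) ITR regenerates MS-OTK from its own ITR-OTK and unwraps the blob.
    ms_otk_at_itr = kdf(itr_otk, b"MS-OTK")
    itr_notify_key = unwrap(ms_otk_at_itr, map_reply["wrapped_key"])
    return {"ms_key": ms_store["notify_key"], "itr_key": itr_notify_key,
            "etr_saw_plaintext": new_key_material in map_reply.values()}

def sign_notify(notify_key: bytes, payload: bytes) -> bytes:
    """Step (6): MS tags an unsolicited Map-Notify (e.g. an RLOC change)."""
    return hmac.new(notify_key, payload, hashlib.sha256).digest()

def verify_notify(notify_key: bytes, payload: bytes, tag: bytes) -> bool:
    """ITR checks the tag with the key it recovered in step (5)."""
    return hmac.compare_digest(sign_notify(notify_key, payload), tag)

if __name__ == "__main__":
    # Constructed sample values; real OTKs are random per Map-Request.
    state = bootstrap_notify_key(b"\x01" * 32, b"\xa5" * 32)
    notify = b"Map-Notify: EID 10.0.0.0/24 -> RLOC 192.0.2.7 (constructed)"
    tag = sign_notify(state["ms_key"], notify)
    print("ITR verifies:", verify_notify(state["itr_key"], notify, tag))
```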