> It is going to be very hard to guess a valid EIDClient which an EdgeRTR
> expects after AAA to whitelist provision. These EIDs are temporary and expire
> after 15 minutes.

It can be made even harder using more than 64 bits (since we are using IPv6 EIDs). But if you do guess it, there isn't much you can do with it because you don't have context and you can't send packets to it.

As an attacker, you can't get the RLOC information to send packets to the guessed EID. Registrations and lookups to the mapping system can only be done by provisioned nodes in a centralized secure enclave.

Dino

_______________________________________________
lisp mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lisp
