Re: [lisp] Restarting last call on LISP threats

["Joel M. Halpern" <jmh@joelhalpern.com>]

Ron, I am having trouble with the question.

The threats document describes the threats as they exist today, without 
the adoption of either document that Roger pointed to.  Thus, I do not 
see any dependence.

If there is a threat that is not well described in the base spec or this 
document, then we should add it.  We should add it even if there are 
proposals to remediate it.  But if there is a clear proposal of a 
missing threat, I missed it.

Yours,
Joel

On 5/13/14, 1:31 PM, Ronald Bonica wrote:
> Hi Roger,
>
> Or asked more explicitly, can the level of security claimed by the threats document be achieved without implementing the protocol extensions described in lisp-sec and lisp-crypto?
>
>                                                            Ron
>
>
>> -----Original Message-----
>> From: Ronald Bonica
>> Sent: Tuesday, May 13, 2014 1:22 PM
>> To: 'Roger Jørgensen'; Ross Callon
>> Cc: lisp@ietf.org
>> Subject: RE: [lisp] Restarting last call on LISP threats
>>
>> Hi Roger,
>>
>> Can this draft stand on its own, without integrating content from the
>> documents that you reference?
>>
>>                                                                                               Ron
>>
>>>
>>> There exist two draft that are relevant to what you address.
>>>
>>> You have https://datatracker.ietf.org/doc/draft-farinacci-lisp-crypto/
>>> where the payload of a LISP encapsulated packet are encrypted. None of
>>> the keys for encrypting/decrypting are stored in the mapping system
>>> but is calculated by the xTR's involved.
>>> Then you have https://datatracker.ietf.org/doc/draft-ietf-lisp-sec/
>>> that attempts to secure the xTR to xTR relationship.
>>>
>>>
>>>
>>> --
>>>
>
> _______________________________________________
> lisp mailing list
> lisp@ietf.org
> https://www.ietf.org/mailman/listinfo/lisp
>