On Mar 3, 2014, at 1:13 PM, Ed Lopez <elopez@fortinet.com> wrote:

First off, I apologize to all for my absence on the mailing list, particularly Dino.  My company is relatively new to IETF WG participation, and there were some backend discussions I had to have back at corporate to ensure that I was both in compliance with the IETF Note Well, as well as my company’s internal IP processes.  This has been resolved, and I will be resuming active participation on the list.

At the time, I was working with Dino on crypto solutions for LISP.  Enclosed is my draft regarding opportunistic encryption for LISP.  While there are significant similarities with regard to the goals of one exchange of key material, non-reliance on PKI, and not storing keys on the mapping system, I proposed the use of IPSec ESP in transport mode for the actual encryption of packets between xTRs, as opposed to developing support for encryption within the LISP protocol itself.  I feel this has significant advantages toward ease of deployment and hardware acceleration, as well as support for multiple available encryption/hash algorithms.

The use of the security type (11) LCAF is very similar, except I propose that the Key Algorithm field be used to support encryption/hash algorithm sets, rather than individual algorithms.  In this way, we can use Key Count values to signify ITR preferences.

Another significant difference is that this draft makes use of the R-bit to signal when keys should be revoked, and can be used locally by xTRs to signal expiry conditions such as lifetime, peer detection failure, etc.

Thanks!

Ed Lopez

<draft-lopez-lisp-oe-00.txt>