[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lisp-interest] LISP-ALT and security

To: Erik Nordmark <erik.nordmark@sun.com>
Subject: Re: [lisp-interest] LISP-ALT and security
From: Roque Gagliano <rgaglian@fing.edu.uy>
Date: Wed, 30 Jul 2008 12:29:04 +0100
Cc: lisp-interest@lists.civil-tongue.net
In-reply-to: <48904930.7060702@sun.com>
References: <48904930.7060702@sun.com>
Sender: owner-list-interest@lists.civil-tongue.net

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Erik,

That was what I was suggesting in my previous email, you can issuesigned material (similar to ROAs for ASNs) using RPKI certs that tiesthe prefixes allocated from RIRs to the RLOCs you select. The issuehere is if this is an off-line or on-line (inside lisp??) exchange.


Roque


On Jul 30, 2008, at 11:57 AM, Erik Nordmark wrote:

My question to Vince at the mike in the explisp bof was:
Your example has a /24 EID prefix for the site on the right hand ofthe
slide.
When its ETR sends back a map-reply is there a mechanism that prevents
the ETR from using e.g., /16 instead of /24 as the prefix length inthe map-reply?
AFAIU the security mechanisms in BGP doesn't help with this, since the
map-reply is sent directly back to the ITR.

  Erik


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkiQUIEACgkQnk+WSgHpbO70NACgxqjVYtIHK2dVOoQaXjXnJMQY
IgkAoIC4U7cCJEmmuKYYcFGMjmTEmcA4
=sPND
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: [lisp-interest] LISP-ALT and security
  - From: Erik Nordmark <erik.nordmark@sun.com>

References:
- [lisp-interest] LISP-ALT and security
  - From: Erik Nordmark <erik.nordmark@sun.com>

Prev by Date: [lisp-interest] LISP-ALT and security
Next by Date: Re: [lisp-interest] LISP-ALT and security
Previous by thread: [lisp-interest] LISP-ALT and security
Next by thread: Re: [lisp-interest] LISP-ALT and security
Index(es):
- Date
- Thread