[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lisp-interest] LISP-ALT and security

To: Roque Gagliano <rgaglian@fing.edu.uy>
Subject: Re: [lisp-interest] LISP-ALT and security
From: Erik Nordmark <erik.nordmark@sun.com>
Date: Wed, 30 Jul 2008 07:24:25 -0700
Cc: lisp-interest@lists.civil-tongue.net
In-reply-to: <CAFC81C3-9BA9-43F2-81DE-70B7EB94322D@fing.edu.uy>
References: <48904930.7060702@sun.com> <CAFC81C3-9BA9-43F2-81DE-70B7EB94322D@fing.edu.uy>
Sender: owner-list-interest@lists.civil-tongue.net
User-agent: Thunderbird 2.0.0.12 (X11/20080310)

Roque Gagliano wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Erik,
That was what I was suggesting in my previous email, you can issuesigned material (similar to ROAs for ASNs) using RPKI certs that tiesthe prefixes allocated from RIRs to the RLOCs you select. The issue hereis if this is an off-line or on-line (inside lisp??) exchange.

You need to approach it from the EID and not from the RLOC; show thatthe ETR can speak for the EID prefix. Hence with a PKI approach you´dneed to build a certificate infrastrure based on the delegation of theEID prefixes.


   Erik

Follow-Ups:
- Re: [lisp-interest] LISP-ALT and security
  - From: Vince Fuller <vaf@cisco.com>
- Re: [lisp-interest] LISP-ALT and security
  - From: Roque Gagliano <rgaglian@fing.edu.uy>

References:
- [lisp-interest] LISP-ALT and security
  - From: Erik Nordmark <erik.nordmark@sun.com>
- Re: [lisp-interest] LISP-ALT and security
  - From: Roque Gagliano <rgaglian@fing.edu.uy>

Prev by Date: Re: [lisp-interest] Securing the mapping response
Next by Date: Re: [lisp-interest] LISP-ALT and security
Previous by thread: Re: [lisp-interest] LISP-ALT and security
Next by thread: Re: [lisp-interest] LISP-ALT and security
Index(es):
- Date
- Thread