[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lisp-interest] LISP-ALT and security

To: Erik Nordmark <erik.nordmark@sun.com>
Subject: Re: [lisp-interest] LISP-ALT and security
From: Vince Fuller <vaf@cisco.com>
Date: Wed, 30 Jul 2008 07:35:16 -0700
Authentication-results: sj-dkim-2; header.From=vaf@cisco.com; dkim=pass ( sig from cisco.com/sjdkim2002 verified; );
Cc: Roque Gagliano <rgaglian@fing.edu.uy>, lisp-interest@lists.civil-tongue.net
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; l=787; t=1217428289; x=1218292289; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=vaf@cisco.com; z=From:=20Vince=20Fuller=20<vaf@cisco.com> |Subject:=20Re=3A=20[lisp-interest]=20LISP-ALT=20and=20secu rity |Sender:=20; bh=Ovw/93pkz2mJFE6/049kGMgI2zB1D8uluHjq49NmPAg=; b=GVqUj/7aSUukKYxfFAa+mDt09/HcxwZufGwzWQggZlCeVpuEq3UXIH9BLu 4L/l2LErNqo6dNpTwcouOICDueGCccxtsT5n9eIIGgLLOKv8EogzbhST9vOu o2IYnSFxGH;
In-reply-to: <48907999.1050107@sun.com>
References: <48904930.7060702@sun.com> <CAFC81C3-9BA9-43F2-81DE-70B7EB94322D@fing.edu.uy> <48907999.1050107@sun.com>
Sender: owner-list-interest@lists.civil-tongue.net
User-agent: Mutt/1.5.17+20080114 (2008-01-14)

>> That was what I was suggesting in my previous email, you can issue  
>> signed material (similar to ROAs for ASNs)  using RPKI certs that ties  
>> the prefixes allocated from RIRs to the RLOCs you select. The issue 
>> here is if this is an off-line or on-line (inside lisp??) exchange.
>
> You need to approach it from the EID and not from the RLOC; show that  
> the ETR can speak for the EID prefix. Hence with a PKI approach you´d  
> need to build a certificate infrastrure based on the delegation of the  
> EID prefixes.

If EID assignment is rooted at the RIRs and if the RIRs participate in
the authorization system (which one might imagine that must for the "normal",
BGP-based global routing system to work), then this should fall out
naturally.

	--Vince

Follow-Ups:
- Re: [lisp-interest] LISP-ALT and security
  - From: Erik Nordmark <erik.nordmark@sun.com>

References:
- [lisp-interest] LISP-ALT and security
  - From: Erik Nordmark <erik.nordmark@sun.com>
- Re: [lisp-interest] LISP-ALT and security
  - From: Roque Gagliano <rgaglian@fing.edu.uy>
- Re: [lisp-interest] LISP-ALT and security
  - From: Erik Nordmark <erik.nordmark@sun.com>

Prev by Date: Re: [lisp-interest] LISP-ALT and security
Next by Date: Re: [lisp-interest] LISP-ALT and security
Previous by thread: Re: [lisp-interest] LISP-ALT and security
Next by thread: Re: [lisp-interest] LISP-ALT and security
Index(es):
- Date
- Thread