[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lisp-interest] LISP-ALT and security

To: Roque Gagliano <rgaglian@fing.edu.uy>
Subject: Re: [lisp-interest] LISP-ALT and security
From: Erik Nordmark <erik.nordmark@sun.com>
Date: Thu, 31 Jul 2008 01:58:58 -0700
Cc: Scott Brim <swb@employees.org>, lisp-interest@lists.civil-tongue.net
In-reply-to: <93226D0A-59DC-45E9-858D-7489D475A22B@fing.edu.uy>
References: <48904930.7060702@sun.com> <CAFC81C3-9BA9-43F2-81DE-70B7EB94322D@fing.edu.uy> <48907999.1050107@sun.com> <DA5FB42C-4B17-4B71-BF92-94033CC06937@fing.edu.uy> <48909B75.2030104@employees.org> <93226D0A-59DC-45E9-858D-7489D475A22B@fing.edu.uy>
Sender: owner-list-interest@lists.civil-tongue.net
User-agent: Thunderbird 2.0.0.14 (X11/20080519)

Roque Gagliano wrote:

the problem is that what you want to sign is the authorization for a setof RLOC receive traffic destinated for a particular EID prefix, and youwant the RLOC to probably change in time. That is not different that theROA case, where you want the origin ASN to change in time.

I've always been thinking about it the other way around i.e., what wewant to check is the authorization to direct an EID prefix to whateverRLOCs it so pleases.


I haven't thought about the tradeoffs between the two approaches though.

   Erik

Follow-Ups:
- Re: [lisp-interest] LISP-ALT and security
  - From: Scott Brim <swb@employees.org>

References:
- [lisp-interest] LISP-ALT and security
  - From: Erik Nordmark <erik.nordmark@sun.com>
- Re: [lisp-interest] LISP-ALT and security
  - From: Roque Gagliano <rgaglian@fing.edu.uy>
- Re: [lisp-interest] LISP-ALT and security
  - From: Erik Nordmark <erik.nordmark@sun.com>
- Re: [lisp-interest] LISP-ALT and security
  - From: Roque Gagliano <rgaglian@fing.edu.uy>
- Re: [lisp-interest] LISP-ALT and security
  - From: Scott Brim <swb@employees.org>
- Re: [lisp-interest] LISP-ALT and security
  - From: Roque Gagliano <rgaglian@fing.edu.uy>

Prev by Date: RE: [lisp-interest] LISP-ALT and security
Next by Date: Re: [lisp-interest] LISP-ALT and security
Previous by thread: Re: [lisp-interest] LISP-ALT and security
Next by thread: Re: [lisp-interest] LISP-ALT and security
Index(es):
- Date
- Thread