[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RAM] Re: draft-bagnulo-lisp-threat-01

To: marcelo bagnulo braun <marcelo at it.uc3m.es>
Subject: Re: [RAM] Re: draft-bagnulo-lisp-threat-01
From: Dino Farinacci <dino at cisco.com>
Date: Fri, 13 Jul 2007 16:21:17 -0700
Authentication-results: rtp-dkim-1; header.From=dino@cisco.com; dkim=pass (s ig from cisco.com/rtpdkim1001 verified; );
Cc: Robin Whittle <rw at firstpr.com.au>, ram at iab.org
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=839; t=1184368890; x=1185232890; c=relaxed/simple; s=rtpdkim1001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dino@cisco.com; z=From:=20Dino=20Farinacci=20<dino@cisco.com> |Subject:=20Re=3A=20[RAM]=20Re=3A=20draft-bagnulo-lisp-threat-01 |Sender:=20 |To:=20marcelo=20bagnulo=20braun=20<marcelo@it.uc3m.es>; bh=sbzp5QNlVRuRzgjWgHPfUEs6ua7+Tygd4LUEhSzzdKE=; b=pIEGxMA63gcnOCh49iuap2GFlXUBX3MwVk/JJviZJtEX06nUY4b1efTKzVEfVzz4nS+vlvwe SOnJSAx4mrp9DNNIs5H+jCmdhVS2fSM0XBrSeDtB1AVvzIoh+tyoyY7n;
In-reply-to: <69C39BDA-E346-40D7-8378-2E9CBACBE0ED@it.uc3m.es>
List-archive: <http://www1.ietf.org/pipermail/ram>
List-help: <mailto:ram-request@iab.org?subject=help>
List-id: Routing and Addressing Mailing List <ram.iab.org>
List-post: <mailto:ram@iab.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ram>, <mailto:ram-request@iab.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ram>, <mailto:ram-request@iab.org?subject=unsubscribe>
References: <E1I7yhK-0001vj-4f@stiedprstage1.ietf.org> <1A1EE942-944D-4CE6-8C79-C8382C000D1B@it.uc3m.es> <4695B066.4000805@firstpr.com.au> <E043AFCF-959F-4E77-951B-9B45EF6ACF7D@it.uc3m.es> <BB5EC874-6D09-4343-82A0-63617980A2FF@cisco.com> <69C39BDA-E346-40D7-8378-2E9CBACBE0ED@it.uc3m.es>

from a security analysis perspective, i guess an important question would be if in LISP 3, TR also learn through tunneled data packets and MAP-Reply packets as described in the draft-farinacci-lisp-01. If yes, then we need to see if the threats identified in the threat analysis draft also apply (but it is likely to be the case, if no additional measures are taken to prevent them)

Yes, I agree. We are assuming at this point that CONS and NERD are control plane based and do not have data-triggered Map-Replies. Using APT, it depends. Because the design indicates that you send packet along the mapping service topology. That is a bit different where there isn't data plane triggered mappings but the data is sent over a control-plane. Much different than a LISP 1 and 1.5 approach.

Dino

_______________________________________________
RAM mailing list
RAM at iab.org
https://www1.ietf.org/mailman/listinfo/ram

References:
- [RAM] Fwd: I-D ACTION:draft-bagnulo-lisp-threat-01.txt
  - From: marcelo bagnulo braun
- [RAM] draft-bagnulo-lisp-threat-01
  - From: Robin Whittle
- [RAM] Re: draft-bagnulo-lisp-threat-01
  - From: marcelo bagnulo braun
- Re: [RAM] Re: draft-bagnulo-lisp-threat-01
  - From: Dino Farinacci
- Re: [RAM] Re: draft-bagnulo-lisp-threat-01
  - From: marcelo bagnulo braun

Prev by Date: Re: [RAM] Re: draft-bagnulo-lisp-threat-01
Next by Date: Re: [RAM] Re: draft-bagnulo-lisp-threat-01
Previous by thread: Re: [RAM] Re: draft-bagnulo-lisp-threat-01
Next by thread: Re: [RAM] Re: draft-bagnulo-lisp-threat-01
Index(es):
- Date
- Thread