Re: [RRG] Tunnel fragmentation/reassembly for RRG map-and-encaps architectures
Tony Li wrote:
At this point, IMHO, DNSsec is likely to see reasonably wide deployment
before the really wide deployment of IPv6. (0.5-1.5 years for sure.)
On Jan 16, 2008, at 8:33 AM, Brian Dickson wrote:
We don't need to reinvent the wheel, IMHO - just take advantage of
That would be fine by me. However, DNSsec has been awaiting
deployment for about a decade now. I'm not hopeful that this is going
to happen anytime soon.
More generally, my friends in the security and operations communities
point out that, in general, approaches with a full blown PKI
infrastructure are simply too heavyweight to be pragmatically
deployable. There are simply too many interdependencies. Their
strong suggestions point much more towards pairwise security and/or
web-of-trust approaches (à la PGP).
That works for only so many degrees of separation, IMHO.
On the other hand, I would expect the value of LISP is only seen when
sites whose multihoming is dependent on LISP, are globally reachable via
Which means that arbitrary unrelated entities need some way of trusting
"the system", rather than each other.
Especially if a LISP site is offering "real" services (e.g. any kind of
It needs to be reliably reachable, un-hijackable from a routing
perspective, and read-only (i.e. get its data via a secure channel).
But it does not actually need to be secure, if these other things are
On Jan 16, 2008, at 2:11 PM, Brian Dickson wrote:
There are two distinct things:
1) how to *publish* the data;
2) how to *serve* the data
Both need to be secure to be trustworthy.
Is this really true? Does serving the data truly need to be secure as
long as the data is authentic, accurate, timely, etc.?
If we can avoid securing the mapping transport layer, it would be a
very big win.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg