Thanks Joel, I've tried to summarize my line of thought below. There may be other aspects I'm missing.

In traditional LISP, there is some shared state between a Map-Server and an ETR in order to validate Map-Notifies. First, for integrity protection Map-Notifies include some authentication data generated using a shared key between the Map-Server and the ETR. Second, to protect against replay attacks the nonce used in the Map-Register/Map-Notify exchange is incremented over time. This requires that both the Map-Server and the ETR are in synch regarding the shared key and incremental nonce.

PubSub introduces a new protocol operation where a Map-Server can send Map-Notify messages to ITRs. This departs from the traditional ETR-MS relationship stated above and introduces a few questions.

How to keep a shared key at scale between ITRs and a Map-Server? The ratio of ITRs-to-MS is potentially orders of magnitude bigger than the ratio of ETRs-to-MS, are shared keys even feasible?

Besides, how to handle the nonce increment when the ITR is also an ETR? Do we need to keep track of two Map-Notify nonces, one for the Map-Register exchange and another for PubSub operation?

Thanks,
Alberto

On 3/16/20, 11:24 AM, "Joel Halpern Direct" <jmh.dir...@joelhalpern.com> wrote:

Thank you Alberto. To see if folks want to engage on the topic, could you write a short email describing the question and, if you can, some of the things that you would like to discuss?

Folks, let's be clear. I do expect we will have a virtual interim. Maybe even more than one. I would really like to see groundwork on the email list so that any request by the chairs for folks to make time is for more than just some presentations.

Thank you,
Joel

On 3/16/2020 2:15 PM, Alberto Rodriguez Natal (natal) wrote:
> Joel, all,
>
> I'm in favor of having a virtual interim meeting. One of the points that I have on my personal list of "things to discuss when we have time" is the aspect of (unsolicited) Map-Notifies on PubSub. I think it can benefit from some deeper discussion with the WG regarding nonces, security associations, ITR-MS relationship, etc. If the WG is up to it, I can bring the topic for discussion and get some opinions on an interim.
>
> Thanks,
> Alberto
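
A simplified model of the shared state discussed in this thread (a key shared with the Map-Server for authentication data, and a nonce that must advance), added here as an illustration; it is not code from the thread, from any LISP specification or from an implementation. The message layout, the use of HMAC-SHA-256, the `NotifyReceiver` class and the `register`/`pubsub` labels are assumptions of the sketch. It shows how a single nonce counter and two separate counters behave when the same xTR receives both kinds of Map-Notify.

```python
import hashlib
import hmac
import struct


def make_tag(key: bytes, context: str, nonce: int, payload: bytes) -> bytes:
    # Authentication data over context, nonce and payload (layout is this sketch's own).
    msg = context.encode() + b"\x00" + struct.pack("!Q", nonce) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


class NotifyReceiver:
    """State an xTR holds for one Map-Server: the shared key and the last nonce accepted."""

    def __init__(self, key: bytes, split_contexts: bool):
        self.key = key
        self.split_contexts = split_contexts
        self.last_nonce = {}  # counter name -> highest nonce accepted so far

    def accept(self, context: str, nonce: int, payload: bytes, tag: bytes) -> str:
        if not hmac.compare_digest(make_tag(self.key, context, nonce, payload), tag):
            return "bad-auth"  # integrity check failed: wrong key or altered message
        counter = context if self.split_contexts else "shared"
        if nonce <= self.last_nonce.get(counter, -1):
            return "replay"  # nonce did not advance on this counter
        self.last_nonce[counter] = nonce
        return "ok"


def run(split_contexts: bool) -> list:
    key = b"constructed-shared-key"  # constructed sample key
    rx = NotifyReceiver(key, split_contexts)

    def send(ctx, n, body):
        # Sender side: compute the tag with the same shared key.
        return rx.accept(ctx, n, body, make_tag(key, ctx, n, body))

    return [
        send("pubsub", 5, b"mapping-update"),    # unsolicited notify, received as ITR
        send("pubsub", 5, b"mapping-update"),    # the same message delivered again
        send("register", 3, b"register-ack"),    # Map-Register exchange, received as ETR
        rx.accept("register", 4, b"register-ack", b"\x00" * 32),  # forged tag
    ]


if __name__ == "__main__":
    print("one counter :", run(False))
    print("two counters:", run(True))
```

With one counter the legitimate `register` notify is rejected because the PubSub nonce has already moved past it; with two counters both are accepted, at the cost of the receiver and the Map-Server keeping twice the nonce state per peer.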