> Sorry, yes, it is the MS, not the MR, who provides the information to
> construct the key, since it is the MS who is generating the notifies. Sorry I
> still cross them up.

Oh good. That is more clear now. So if you are saying this:

(1) Use LISP-sec as defined today.
(2) Have the MS wrap some new key material with the MS-OTK and pass it to the ETR.
(3) The ETR replies as it does today but we have new protected key material in the Map-Reply.
(4) The MS stores the new key-material.
(5) The ITR generates the new key-material because it can unwrap the MS-OTK that is derived from the ITR-OTK.
(6) Any subsequent unsolicited Map-Notify messages from the MS (for an RLOC-change) are signed with the new key-material. Which the ITR can verify since it has the new key-material from step (5). That is a shared-key created with the pair of OTKs.

I think that can work. Fabio needs to verify.

I know you didn’t say all these details but I’m progressing your point, for discussion.

Dino
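
The six-step flow in the message above, as an added example that is not part of the original email or of any LISP-sec specification. It reads step (5) as the ITR re-deriving the MS-OTK from its own ITR-OTK and unwrapping the new key material. Assumptions: HKDF-SHA256 as the KDF, HMAC-SHA256 as the Map-Notify signature, the derivation labels, all function names, and a simple encrypt-then-MAC construction standing in for a real key-wrap algorithm such as AES Key Wrap (RFC 3394).

```python
import hashlib, hmac, os

def hkdf(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869) with the default all-zero salt."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm, counter = okm + block, counter + 1
    return okm[:length]

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def wrap(kek: bytes, secret: bytes) -> bytes:
    """Stand-in key wrap (assumption): XOR keystream, then MAC over nonce and ciphertext."""
    nonce = os.urandom(16)
    stream = hkdf(kek, b"wrap-enc" + nonce, len(secret))
    ct = bytes(a ^ b for a, b in zip(secret, stream))
    return nonce + ct + _mac(hkdf(kek, b"wrap-mac"), nonce + ct)

def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(hkdf(kek, b"wrap-mac"), nonce + ct)):
        raise ValueError("wrapped key failed integrity check")  # wrong OTK or tampering
    stream = hkdf(kek, b"wrap-enc" + nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def derive_ms_otk(itr_otk: bytes) -> bytes:
    # Step (1): the MS-OTK is derived from the ITR-OTK (label is an assumption).
    return hkdf(itr_otk, b"example MS-OTK")

def ms_issue_notify_key(ms_otk: bytes):
    # Steps (2)-(4): the MS creates key material, stores it, and wraps it
    # under the MS-OTK so it can ride back to the ITR in the Map-Reply.
    key = os.urandom(32)
    return key, wrap(ms_otk, key)

def itr_recover_notify_key(itr_otk: bytes, wrapped: bytes) -> bytes:
    # Step (5): the ITR re-derives the MS-OTK and unwraps the key material.
    return unwrap(derive_ms_otk(itr_otk), wrapped)

def sign_notify(key: bytes, notify: bytes) -> bytes:
    # Step (6), MS side: authenticate an unsolicited Map-Notify.
    return _mac(key, notify)

def verify_notify(key: bytes, notify: bytes, tag: bytes) -> bool:
    # Step (6), ITR side: constant-time check before acting on the RLOC change.
    return hmac.compare_digest(tag, _mac(key, notify))
```

Replay protection for the Map-Notify (a nonce or sequence number covered by the MAC) is outside this sketch and would have to come from the message format.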