Kyle, Dino, Thanks for the review and discussion -- I look forward to seeing where it ends up. Just one note, inline... On Sat, Aug 25, 2018 at 02:40:15PM -0700, Dino Farinacci wrote: > > Reviewer: Kyle Rose > > Review result: Has Issues > > > > Another question it poses is: how does the Map-Resolver authenticate the > > Map-Server? Symmetric authentication with the ITR-OTK demonstrates only that > > We plane to add that in draft-farinacci-lisp-ecdsa-auth. Up until now it was the clients of the mapping system that first needed to be authenticated, but the map-servers can do the same. We plan to adding signing Map-Notify messages which is typically an Ack to a signed Map-Register sent by an xTR. > > > the response is associated with the request: it's not immediately clear to me > > what security guarantees it provides to the ITR. Limiting attacks to on-path > > attackers, yes. But what about MitM? That class of attacks requires either a > > pre-shared key (implying a pre-existing trust relationship between a > > We do use pre-shared keys for registering to the mapping system. And you could encrypt messages in both directions using this shared-key. This shared-key was intended for authorization of a particulary (IID, EID) pair to the mapping system, but can be easily for encryption. If the PSK does get additionally purposed for encryption, please make sure to use a modern key derivation hierarchy to provide separation between the authentication and encryption usages. -Benjamin
