All your questions can be answered by reading (and understanding) RFC9301 and its accompanying references to the LISP security IDs and RFCs. The basic definitions are in RFC9300.
And as for the references to expired drafts, it is not like this draft went out of its way to find expired drafts. This lisp-geo draft was written when they were active and a multi working group coordinated effort was made to keep the encodings in sync. Since this may be the only non-expiring draft with respect to the encoding, we don't want to lose the history and hence why I want to keep it in.

The draft is experimental because that is the status of the document the working group wants it to be.

I don't believe we need to make any document updates for your DISCUSSes or COMMENTs.

Dino

> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> Section 1, paragraph 2, and Section 4.1, last sentence: Saying that the
> encoding format is consistent with the encoding documented in I-Ds which have
> all expired over 6 years ago is disingenuous at best. Please either remove
> these sections and sentence entirely, or find examples of RFCs or current
> I-Ds.
>
> Section 4.1, para 3: Is there a limit to what a 'physical shipping package'
> can be? How are people's movements prohibited from being a part of this use
> case? Are there privacy concerns that surround the tracking of packages? At
> the very least it would seem to have supply chain implications. Who is
> permitted to access the database and how do they do that?
>
> Section 4.2, paragraphs 4 and 5: This section discusses look-ups of the
> mapping system. Who is permitted to do this, what authentication and
> authorization is required? Is any of this information transmitted over
> unprotected transport?
>
> Section 4.2, last paragraph: The I-D referenced here is old and expired, is
> there a more current reference? This use case is especially sensitive,
> tracking vehicles, either has implications for supply chain, or privacy
> implications for people.
>
> Section 7: What protects the MSP from cross contamination between their
> customers? Is there a mandatory ID management system required? Side channel
> leakage protection? Authorization system requirements?
>
> Section 8, bullet 4: It is unclear to me how using an authentication key/cert
> can be used to encrypt mapping records.
>
> Section 8, last sentence: None of the use cases in Section 4 give this
> impression. The privacy concerns for well-known public structures or
> landmarks are much different than package tracking and vehicle tracking.
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thanks to Prachi Jain for their secdir review
>
> General: This draft is marked as Experimental. What is the experiment? How
> will we know whether it was successful?
>
> Section 4.1: ETR? RTR? expand on first use?
>
> Section 7: What is an xTR?
