OpenOverlayRouter / oor

OpenOverlayRouter is an implementation to create programmable overlay networks.
http://openoverlayrouter.org/
Apache License 2.0

Feature request: Data-Plane Confidentiality #14

Open renne opened 7 years ago

renne commented 7 years ago

Payload encryption makes LISP a highly flexible VPN solution with e.g. multi-homing, roaming, etc.

Please add support for IETF RFC 8061 to OpenOverlayRouter.

albert-lopez commented 7 years ago

Thanks for your suggestion. We strongly believe that security is a missing feature in OOR, but we are not satisfied with LISP-CRYPTO, since it only offers confidentiality but not authentication (it uses a Diffie-Hellman key exchange through the MS). As such, it is vulnerable to man-in-the-middle attacks that compromise the confidentiality.

We are in the process of discussing this internally to see how to fix such issues and provide a fully-featured security solution, but this will take some time.

As always, we are more than happy to welcome any community member willing to contribute.
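The concern raised in the reply above, that a Diffie-Hellman exchange without authentication cannot detect a substituted public value, can be seen in a small model. This is an added example, not code from OOR or from RFC 8061: the toy group, the endpoint names A and B, the relay, and the pre-shared HMAC key used as the authentication step are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # constructed toy prime modulus; far too small for real use
G = 3           # constructed toy generator

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    # Hash the Diffie-Hellman shared secret into a symmetric session key.
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def tag(auth_key, pub):
    # Assumed authentication step: HMAC over the sender's public value.
    return hmac.new(auth_key, pub.to_bytes(16, "big"), hashlib.sha256).digest()

def exchange(relay_substitutes, auth_key=None):
    """One key exchange between endpoints A and B through an on-path relay."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    r_priv, r_pub = keypair()
    # Each message is (public value, optional authentication tag).
    to_b = (a_pub, tag(auth_key, a_pub) if auth_key else None)
    to_a = (b_pub, tag(auth_key, b_pub) if auth_key else None)
    if relay_substitutes:
        # The relay swaps in its own value; it cannot recompute the tag.
        to_b, to_a = (r_pub, to_b[1]), (r_pub, to_a[1])
    if auth_key:
        for pub, t in (to_b, to_a):
            if not hmac.compare_digest(t, tag(auth_key, pub)):
                return {"accepted": False, "keys_match": False, "relay_has_key": False}
    a_key = session_key(a_priv, to_a[0])
    b_key = session_key(b_priv, to_b[0])
    relay_has_key = session_key(r_priv, a_pub) == a_key
    return {"accepted": True, "keys_match": a_key == b_key, "relay_has_key": relay_has_key}

if __name__ == "__main__":
    shared = secrets.token_bytes(32)  # constructed pre-shared authentication key
    print("unauthenticated, honest relay:", exchange(False))
    print("unauthenticated, substituted :", exchange(True))
    print("authenticated, substituted   :", exchange(True, shared))
```

Without the tag, both endpoints accept the exchange even though they no longer share a key with each other; with the tag, the substituted value is rejected before any session key is derived.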