[rrg] Rejecting all but Strategy A

Pekka Nikander pekka.nikander at nomadiclab.com
Thu Jan 8 02:48:45 PST 2009


> With respect to security in LHIP by using hash-chains, we consider  
> them for LISP, but requires 3 to 4 packet exchanges, so a non-starter.

I don't think so, but I'm no longer an expert there.  (I used to know
crypto protocols around 1998-2002, but I no longer can claim so.)  For
the unprotected opportunistic case, I think you can simply send your hash
anchors in the opening packet.

But then association initiation is a very subtle business with lots of  
DoS and other security pitfalls.   You have to make a balance between  
resource exhausting DoS protection and the number of roundtrips.

--Pekka
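
The idea in the message above, sketched as an added example that is not part of the original post and not taken from the LHIP or LISP specifications: a generic hash chain whose anchor rides in the opening packet, with the responder's per-packet hashing work bounded. SHA-256, the class names, the packet fields and `max_skip` are all assumptions made for illustration.

```python
import hashlib
import hmac

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

class Initiator:
    def __init__(self, seed: bytes, n: int):
        # chain[0] = seed, chain[i] = H(chain[i-1]); chain[n] is the anchor.
        self.chain = [seed]
        for _ in range(n):
            self.chain.append(H(self.chain[-1]))
        self.next = n - 1  # index of the next value to reveal

    def opening_packet(self, payload: bytes) -> dict:
        # The anchor travels in the very first packet: no extra round trip.
        return {"anchor": self.chain[-1], "payload": payload}

    def next_packet(self, payload: bytes) -> dict:
        if self.next < 0:
            raise RuntimeError("hash chain exhausted")
        value, self.next = self.chain[self.next], self.next - 1
        return {"reveal": value, "payload": payload}

class Responder:
    def __init__(self, max_skip: int = 4):
        self.max_skip = max_skip  # caps hashing work per packet (DoS bound)
        self.last = None

    def on_opening(self, pkt: dict) -> None:
        # Opportunistic: the anchor is accepted unauthenticated, so whoever
        # sends the first packet owns the association.
        self.last = pkt["anchor"]

    def on_packet(self, pkt: dict) -> bool:
        # Accept if hashing the revealed value at most max_skip times reaches
        # the last accepted value. This shows sender continuity only; binding
        # the payload to the chain is out of scope here.
        if self.last is None:
            return False
        v = pkt["reveal"]
        for _ in range(self.max_skip):
            v = H(v)
            if hmac.compare_digest(v, self.last):
                self.last = pkt["reveal"]
                return True
        return False
```

The trade-off the message points at shows up in `max_skip`: a larger value tolerates more packet loss but lets an unauthenticated sender make the responder do more hashing per packet.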


