Re: [apps-discuss] Review of draft-lear-lisp-nerd-08
Dave Cridland <dave@cridland.net> Wed, 11 April 2012 09:54 UTC
References: <6.2.5.6.2.20120410125815.08d5c788@elandnews.com>
In-Reply-To: <6.2.5.6.2.20120410125815.08d5c788@elandnews.com>
MIME-Version: 1.0
Message-Id: <3404.1334138036.089383@puncture>
Date: Wed, 11 Apr 2012 10:53:56 +0100
From: Dave Cridland <dave@cridland.net>
To: SM <sm+ietf@elandsys.com>, General discussion of application-layer protocols <apps-discuss@ietf.org>, Eliot Lear <lear@cisco.com>
Content-Type: text/plain; delsp="yes"; charset="iso-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
Subject: Re: [apps-discuss] Review of draft-lear-lisp-nerd-08
I also had a quick skim. What struck me was that, given the decision to use object-level security over transport-level, there seemed to be portions of information left unprotected. For example, the protocol appears to rely on versioning information left unprotected, as well as HTTP-level redirects which also appear to be unprotected.

I wondered whether any interesting attack could be mounted by presenting older versions of the NERD as newer, meaning that the deltas were misinterpreted. I'd think that the correct thing to do would be to include the versioning information within the PKCS#7, and also include expiry and/or next-update information, so that participating routers could flag up outdated information and alert operators, as well as be reasonably aware of when some form of quiet disruption was occurring.

That said, I freely admit that not only is this area not my forté to begin with, but I lack experience of LISP at all, so I won't be surprised if I'm missing something obvious.

Dave.

--
Dave Cridland - mailto:dave@cridland.net - xmpp:dwd@dave.cridland.net
 - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
 - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
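The rollback concern raised in the message above, as an added example that is not part of the original thread or of the NERD draft: a simulated router consumes a signed mapping database in two designs, one where the version number travels outside the signed object (as the message describes), and one where version, expiry and next-update are inside it. The signature is an HMAC over the object bytes standing in for PKCS#7, the key and the database entries are constructed for the demo, and the `Router`, `publish_*` and `rollback_attack_*` names are this example's own.

```python
"""Replaying an old signed database as "newer" when the version is unsigned."""
import hashlib
import hmac
import json

# Assumption: an HMAC stands in for the PKCS#7 signature over the object.
# Constructed demo key; a real publisher would sign with its private key.
SIGNING_KEY = b"constructed-demo-key"


def sign(obj_bytes: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, obj_bytes, hashlib.sha256).digest()


def verify(obj_bytes: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sign(obj_bytes), tag)


def publish_unprotected(version: int, entries: dict) -> dict:
    """Version travels as metadata outside the signed object (header or URL)."""
    body = json.dumps({"entries": entries}, sort_keys=True).encode()
    return {"version": version, "body": body, "sig": sign(body)}


def publish_protected(version: int, entries: dict, issued: int, lifetime: int) -> dict:
    """Version, expiry and next-update time are covered by the signature."""
    body = json.dumps({
        "version": version,
        "issued": issued,
        "expires": issued + lifetime,
        "next_update": issued + lifetime // 2,
        "entries": entries,
    }, sort_keys=True).encode()
    return {"body": body, "sig": sign(body)}


class Router:
    """Hypothetical consumer that keeps only the newest database it has seen."""

    def __init__(self) -> None:
        self.version = 0
        self.entries: dict = {}
        self.next_update = None

    def apply_unprotected(self, msg: dict) -> str:
        if not verify(msg["body"], msg["sig"]):
            return "bad-signature"
        if msg["version"] <= self.version:      # decision rests on an unsigned field
            return "stale"
        self.version = msg["version"]
        self.entries = json.loads(msg["body"])["entries"]
        return "applied"

    def apply_protected(self, msg: dict, now: int) -> str:
        if not verify(msg["body"], msg["sig"]):
            return "bad-signature"
        obj = json.loads(msg["body"])           # every field below is signed
        if now > obj["expires"]:
            return "expired"
        if obj["version"] <= self.version:
            return "stale"
        self.version = obj["version"]
        self.entries = obj["entries"]
        self.next_update = obj["next_update"]
        return "applied"

    def overdue(self, now: int) -> bool:
        """True when the publisher promised an update that has not arrived."""
        return self.next_update is not None and now > self.next_update


def rollback_attack_unprotected() -> tuple:
    router = Router()
    router.apply_unprotected(publish_unprotected(1, {"10.0.0.0/8": "RLOC-A"}))
    router.apply_unprotected(publish_unprotected(2, {"10.0.0.0/8": "RLOC-B"}))
    captured = publish_unprotected(1, {"10.0.0.0/8": "RLOC-A"})  # old, genuinely signed
    forged = {"version": 99, "body": captured["body"], "sig": captured["sig"]}
    forged_result = router.apply_unprotected(forged)
    # the next genuine update now loses the version race and is discarded
    genuine_result = router.apply_unprotected(publish_unprotected(3, {"10.0.0.0/8": "RLOC-C"}))
    return forged_result, genuine_result, router.entries["10.0.0.0/8"]


def rollback_attack_protected() -> tuple:
    t0 = 1000
    router = Router()
    v1 = publish_protected(1, {"10.0.0.0/8": "RLOC-A"}, issued=t0, lifetime=600)
    v2 = publish_protected(2, {"10.0.0.0/8": "RLOC-B"}, issued=t0 + 100, lifetime=600)
    router.apply_protected(v1, now=t0)
    router.apply_protected(v2, now=t0 + 100)
    # 1. bumping the version now means editing signed bytes
    edited = json.loads(v1["body"])
    edited["version"] = 99
    tampered = {"body": json.dumps(edited, sort_keys=True).encode(), "sig": v1["sig"]}
    tamper_result = router.apply_protected(tampered, now=t0 + 200)
    # 2. replaying the untouched old object is recognised as older
    replay_result = router.apply_protected(v1, now=t0 + 200)
    # 3. an old object past its expiry is refused even by a freshly booted router
    expired_result = Router().apply_protected(v1, now=t0 + 601)
    # 4. next_update lets the router notice when updates have quietly stopped
    return (tamper_result, replay_result, expired_result,
            router.overdue(t0 + 401), router.entries["10.0.0.0/8"])


if __name__ == "__main__":
    print(rollback_attack_unprotected())   # ('applied', 'stale', 'RLOC-A')
    print(rollback_attack_protected())     # ('bad-signature', 'stale', 'expired', True, 'RLOC-B')
```

In the unprotected design the attacker never needs the signing key: a captured old object plus a larger outer version number reverts the router and then causes it to drop the real update as "stale". With the version inside the signed object the same replay is classified as old, editing the version breaks the signature, and the expiry and next-update fields give the router something concrete to alarm on when the feed goes quiet.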
- [apps-discuss] Review of draft-lear-lisp-nerd-08 S Moonesamy
- Re: [apps-discuss] Review of draft-lear-lisp-nerd… Dave Cridland
- Re: [apps-discuss] Review of draft-lear-lisp-nerd… Eliot Lear
- Re: [apps-discuss] Review of draft-lear-lisp-nerd… S Moonesamy