IETF Logo Mail Archive

Re: [Ideas] Mapping System Requirements and draft-padma-ideas-problem-statement-00.txt

Dino Farinacci <farinacci@gmail.com> Wed, 28 September 2016 02:59 UTC

Return-Path: <farinacci@gmail.com>
X-Original-To: ideas@ietfa.amsl.com
Delivered-To: ideas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96FEB12B053; Tue, 27 Sep 2016 19:59:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id onmDfOvoirff; Tue, 27 Sep 2016 19:59:36 -0700 (PDT)
Received: from mail-pf0-x22b.google.com (mail-pf0-x22b.google.com [IPv6:2607:f8b0:400e:c00::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF2B512B054; Tue, 27 Sep 2016 19:59:36 -0700 (PDT)
Received: by mail-pf0-x22b.google.com with SMTP id 21so12209064pfy.0; Tue, 27 Sep 2016 19:59:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=b8Zbk1LCFBQK4WSeT1qeUukByWQZ7nEbJWc05JaW7Rs=; b=e5PBbxeweyBS+pKe+Up+mxgP0WRqi6F/x9Z6/seAMmmHvouUM/tzgIdzv4WTarFN4D UAjlLt7U0FGHV4WzyrnvSc5R26ReYi1zKLELq0TRxGtU0rtI3Vtepx+38LddHNkgV1X+ jqC5nei0wlefRDD+ZIdLkIa9nTKTd2IIcQOuU2YgTQrGsYoj4ffCxbzgK547nCNuK2dU c4AyKpK1srRv3ZVvZa2xVQ2P3bxe2WEIbbd34OPXGCqw1LM8snXWKu1GttRXlMIcty9+ siIoqfrnIrEPjM0zEb3BXLYAsy0qDlBIAudiIhE1WwFLPl8iJS2KXgG92wXRJln/+WV1 62SA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=b8Zbk1LCFBQK4WSeT1qeUukByWQZ7nEbJWc05JaW7Rs=; b=THLo156yqwlt+0jc4HwO5O97HAazc1XZxmdW65GtgV4hhBe0zcgrQuNdcBRHXtuYU3 CMRddl7TNbSGmWsg05WyemeAdGfizJ3VJcU7BR8sNGcwQ1SV3Qa0bld5IJ9+H5m23R6S cKWs0ArLLFMQaA8M7xiUKEXT1rD1A5tcL6RD9i+uF4Ab7PpTmM/+FTFLNRvQa5Y4oxES 6nRR2yO738QekpNwoy4ftwZtMOp5r1jL/n3RICqSHRttEkEndYueQu0AMlDLzRudVhCQ KNQv7/CCThUCS+WOQLYMcp9KyYjkddcWESS5LCfX2J483S3HyaqTzwGeu2rrnCTQXart 8nSA==
X-Gm-Message-State: AE9vXwMgEGGQ7pyX2OyoynKcH85jVZjCx14qmxj2rzfCWyNgRkvGNThHOXxCTAZZpr2H3Q==
X-Received: by 10.98.85.198 with SMTP id j189mr52960356pfb.123.1475031576299; Tue, 27 Sep 2016 19:59:36 -0700 (PDT)
Received: from dino-macbook.wp.comcast.net (173-8-188-29-SFBA.hfc.comcastbusiness.net. [173.8.188.29]) by smtp.gmail.com with ESMTPSA id c28sm7867415pfj.6.2016.09.27.19.59.34 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 27 Sep 2016 19:59:35 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <1D30AF33624CDD4A99E8C395069A2A162A600B3E@SJCEML701-CHM.china.huawei.com>
Date: Tue, 27 Sep 2016 19:59:33 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <ADE71A46-ABEC-4043-B740-6FEF3ACBE035@gmail.com>
References: <32C28142-350A-4242-A9C6-9E32D9966601@gmail.com> <1D30AF33624CDD4A99E8C395069A2A162A600B3E@SJCEML701-CHM.china.huawei.com>
To: Lin Han <Lin.Han@huawei.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/lREt5a4mY0n-6wBFTXhWlrgSTgU>
Cc: "beta@lispers.net" <beta@lispers.net>, "ideas@ietf.org" <ideas@ietf.org>, LISP mailing list list <lisp@ietf.org>, NVO3 <nvo3@ietf.org>, "lisp-alpha@external.cisco.com" <lisp-alpha@external.cisco.com>, LISPmob <users@lispmob.org>, "5gangip@ietf.org" <5gangip@ietf.org>, "lisp-ops@external.cisco.com" <lisp-ops@external.cisco.com>
Subject: Re: [Ideas] Mapping System Requirements and draft-padma-ideas-problem-statement-00.txt
X-BeenThere: ideas@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ideas>, <mailto:ideas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>
List-Post: <mailto:ideas@ietf.org>
List-Help: <mailto:ideas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ideas>, <mailto:ideas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Sep 2016 02:59:39 -0000

> Hi, Dino
> 
> Should we consider the security of sovereignty for the mapping system? This question is probably too early. 

Yes, you bring up a very real question that needs to be answered this early.

> As you know, DNS tree architecture introduced a lot debate historically for the ownership and operation of root DNS. Due to pressure from industry and other countries, USA government plans to hand over the operation of root DNS to IANA next month even there is a lot opposing voice from congress. It could change back again.

Architecturally we need root nodes as a mechanism but they do not have to be run by any one party or spread across government/continental boundaries.

Any root could be run independently and point to the same next level children leading to map-servers.

> One side is that the national security of US prefer the government operates the root DNS, another side is that other countries don’t like US to completely control the DNS.

I see this hierarchy run by commercial companies that have monetary incentive to run a production level service. So for example, I could use a pair of roots from say a Verisign. Or a different pair of roots offered by an AT&T, or a possible a third-party that calls themselves a Mapping Service Provider (MSP).

It is these roots at the top of the tree that need to connect to common parts in the middle and to the leaf map-servers of the tree.

> This is related to both technology and politics. Without the support of other countries, mapping server deployment globally will be in question.

If registrations and requests are encrypted, then anyone could run the roots and the what goes in and out of the mapping system stays private. But there needs to be competition so the level of service stays at a high-quality production level.

Dino

> 
> 
> Regards
> 
> Lin
> 
> 
> 
> -----Original Message-----
> From: Ideas [mailto:ideas-bounces@ietf.org] On Behalf Of Dino Farinacci
> Sent: Wednesday, September 21, 2016 2:13 PM
> To: ideas@ietf.org
> Cc: beta@lispers.net; LISP mailing list list; NVO3; lisp-alpha@external.cisco.com; LISPmob; 5gangip@ietf.org; lisp-ops@external.cisco.com
> Subject: [Ideas] Mapping System Requirements and draft-padma-ideas-problem-statement-00.txt
> 
> Hello folks. In draft-padma-ideas-problem-statement-00.txt, we have a section on mapping system requirements for map-n-encap and translation based loc/id split protocols. Rather than having you go into the document in detail (we wish you would and comment though), I will provide the short list below to attempt a discussion on requirements. 
> 
> I have copied the possible WGs that may want to use the mapping system technology. And I have also copied the LISP working group who can shed expertise on the subject as well as some beta lists that have some operational experiences with mapping database deployment and management.
> 
> The requirements below have a security and robustness twist to it but I think that is the best place to start and to consider security “up front”.
> 
> Thanks in advance,
> Dino
> 
> ----
> 
> 6.4.  Mapping System Security
> 
>   The secure mapping system must have the following requirements:
> 
>   1.  The components of the mapping system need to be robust against
>       direct and indirect attacks.  If any component is attacked, the
>       rest of the system should act with integrity and scale and only
>       the information associated with the compromised component is made
>       unavailable.
> 
>   2.  The addition and removal of components of the mapping system must
>       be performed in a secure matter so as to not violate the
>       integrity and operation of the system and service it provides.
> 
>   3.  The information returned by components of the mapping system
>       needs to be authenticated as to detect spoofing from
>       masqueraders.
> 
>   4.  Information registered (by publishers) to the mapping system must
>       be authenticated so the registering entity or the information is
>       not spoofed.
> 
>   5.  The mapping system must allow request access (for subscribers) to
>       be open and public.  However, it is optional to provide
>       confidentiality and authentication of the requesters and the
>       information they are requesting.
> 
>   6.  Any information provided by components of the mapping system must
>       be cryptographically signed by the provider and verified by the
>       consumer.
> 
>   7.  Message rate-limiting and other heuristics must be part of the
>       foundational support of the mapping system to protect the system
>       from invalid overloaded conditions.
> 
>   8.  The mapping system should support some form of provisioned
>       policy.  Either internal to the system or via mechanisms for
>       users of the system to describe policy rules.  Access control
>       should not use traditional granular-based access lists since they
>       do not scale and are hard to manage.  By the use of token- or
>       key- based authentication methods as well as deploying multiple
>       instances of the mapping system will allow acceptable policy
>       profiles.  Machine learning techniques could automate these
>       mechanisms.
> _______________________________________________
> Ideas mailing list
> Ideas@ietf.org
> https://www.ietf.org/mailman/listinfo/ideas

v2.8.7 | Report a Bug | By Email