Re: [lisp] Gen-ART Review for draft-ietf-lisp-crypto-09

Roger Jørgensen <rogerj@gmail.com> Thu, 13 October 2016 19:22 UTC

From: Roger Jørgensen <rogerj@gmail.com>
Date: Thu, 13 Oct 2016 21:21:23 +0200
Message-ID: <CAKFn1SH5C0VsqZ6Qz5CWPHhuwt7xra4bGuvqFN+QMCw1zzDsSg@mail.gmail.com>
Subject: Re: [lisp] Gen-ART Review for draft-ietf-lisp-crypto-09
To: Manish Kumar <manishkr.online@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/9fBy2WvKLNSrtS6qbrJOcl4ufGc>
Cc: Pete Resnick <presnick@qti.qualcomm.com>, draft-ietf-lisp-crypto.all@ietf.org, "lisp@ietf.org" <lisp@ietf.org>, General Area Review Team <gen-art@ietf.org>, IETF discussion list <ietf@ietf.org>

On Thu, Oct 13, 2016 at 3:30 PM, Manish Kumar <manishkr.online@gmail.com> wrote:
> I guess I did mention this before but just in case that was missed - the
> idea of a separate confidentiality mechanism for each encapsulation/overlay
> protocol when these are all IP based does seem a bit inapposite to me. At a
> minimum, it opens up scope for additional security holes to prey upon (as
> against using a standard mechanism like IPsec).
<snip>

I was going to respond to the original question but somehow it got lost...

The idea went through a lot of discussion with different security guys to make
sure it would be as good as it could be. If I remember correctly, we did all that
before it was requested to be a LISP-wg document.


I would suggest you read the introduction part again; there are a few things
there that made IPsec or any form of outer encryption out of scope. Not to forget
that if using IPsec we would have to encapsulate an already encapsulated packet...

Some other background on the document - I had two ideas. One was that we
should encrypt the xTR - xTR traffic to make it a bit more secure over whatever
medium it was crossing, and the other was that as a LISP site I should somehow be
able to signal alongside my EID that I only wanted encrypted traffic to arrive at
my xTRs, or that I only supported a few given encryption schemes.
This, and some ideas Dino already combined with other input, morphed into
the document we are discussing now.



-- 

Roger Jorgensen           | ROJO9-RIPE
rogerj@gmail.com          | - IPv6 is The Key!
http://www.jorgensen.no   | roger@jorgensen.no