[Last-Call] SECDIR Review of draft-ietf-lisp-6834bis-10
Donald Eastlake <d3e3e3@gmail.com> Wed, 25 May 2022 19:41 UTC
Return-Path: <d3e3e3@gmail.com>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24F19C07B7AF; Wed, 25 May 2022 12:41:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.847
X-Spam-Level:
X-Spam-Status: No, score=-1.847 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JhciQ3DCEUeg; Wed, 25 May 2022 12:41:21 -0700 (PDT)
Received: from mail-lf1-x130.google.com (mail-lf1-x130.google.com [IPv6:2a00:1450:4864:20::130]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85B91C07B7AC; Wed, 25 May 2022 12:41:21 -0700 (PDT)
Received: by mail-lf1-x130.google.com with SMTP id y32so37602533lfa.6; Wed, 25 May 2022 12:41:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:from:date:message-id:subject:to:cc; bh=2WH4Mf7Jl5VXXD7d8WUspYWK/aYD1/kqArtGSRK5h7g=; b=CgQ3ZS4luP9ls7Q6G4rbmeKFUHMHZD+jz6nwFYxNWwUuPyIJw1JidUz/HjZqa/HYa5 I3xR6N908GRITiswLrpitEa4nFNflcX8eQFynpJl9bG1pmhXs/3CPhlzmy/mlB0iGkWc sVDIqiQdEEMABgY5EMYXWoQ1bVE4rm3GmMZVI/p2H9ZLyr2s4HYJyVYEqIqRaIpfSDwu jEbS9AyxmWlZPTHkdZCj6BDEhlsxOQ1hGP19XfOUBR0vDbOyMKwilgBrN+CPCcG8v1OC jY3eoqv8pPDytA6JlRDz818xYCpsn69d0z8OpHWzIQ+ie+DfbTrN/XBwenzJqLjxgI/R 1FFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=2WH4Mf7Jl5VXXD7d8WUspYWK/aYD1/kqArtGSRK5h7g=; b=BdoEj3T4JYibq58I+lmgYvfdjndAcdvujSUcUlIIQcuHnBhfQ/A7/8N1/tcnKQ9axd bqf09bvrr8Yrh97ShpNCoEceI0xoEN/0wRXTV4rnGRbcEdbfQ6bBxjYfrvLNC1QvPmAT +cW6Ex8kAQa9ks/fqZ91SAZV9DiI/enGJdmSWjrkNwN3IIER88+f5D0HqluG9iQyOSd2 qwaZb44g+OJj3r2Gf7TWJ+hoeI1Pucoz/Ep+fHmVUWI6UJFBHfq256kELbdCOemY15B/ ULGOsuyP5yeFLCccxTvd+sLj3Z6C1wvqdclfe++TdKO0URgybTz7yzm2pccbvDbZntqK ihtA==
X-Gm-Message-State: AOAM531c9Q+eoQqA7a2z3qvkmjJb5fO8Wd9jTsRHF6U5y6ZxL6rsl4NH GeGpN0VljHJcQxjDsup6+tK6tnM3+bS7V222e5LGLQHNLyo=
X-Google-Smtp-Source: ABdhPJxBWrilBBIl6r8IOX/56JbrA7iUEjJ9aebrwkoJ/O9X1Bi2LwH/THu61af0Fn0t7fnQA2z8Pr9l3i/LK6JRMhA=
X-Received: by 2002:a05:6512:3182:b0:478:6db8:829a with SMTP id i2-20020a056512318200b004786db8829amr12508032lfe.482.1653507679007; Wed, 25 May 2022 12:41:19 -0700 (PDT)
MIME-Version: 1.0
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Wed, 25 May 2022 15:41:08 -0400
Message-ID: <CAF4+nEGUGFj7UVGjDCYcgv4Qd+4_bbDXKeFUQ-3TYdn=CbXoiA@mail.gmail.com>
To: "iesg@ietf.org" <iesg@ietf.org>
Cc: secdir <secdir@ietf.org>, Last Call <last-call@ietf.org>, draft-ietf-lisp-6834bis.all@ietf.org
Content-Type: multipart/alternative; boundary="000000000000d73a7405dfdb4117"
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/W8kkOskBBTTurDH_sXJCLSzhwjI>
Subject: [Last-Call] SECDIR Review of draft-ietf-lisp-6834bis-10
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 May 2022 19:41:22 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and WG chairs should treat these comments just like any other last call comments. Sorry this is a bit late. The summary of the review is Ready with Issues. This Standards Track draft on "Locator/ID Separation Protocol (LISP) Map-Versioning" obsoles the previous Experimental RFC 6834. I have not been following LISP but I read draft-ietf-list-introduction before reviewing this draft so I think I understand what's going on. SECURITY This draft appears to completely ignore the issue of Map Version Number advancing so far so quickly that an old version number is encountered that appears to be newer than or equal to the current version number. Why can't this happen? Or if it can, why doesn't that hurt? Section 8, last paragraph: Says Map-Versioning can only be used in trusted, closed environments but Section 7.1 and 7.2 seem to talk about what to do about the Map-Version field without any reference to this, but mentioning private deployments for certain error conditions. For example, Section 7.2 point 3 says to discard a packet on an erroneous Map-Version value except perhaps in some private deployments. But if you MUST NOT use Map-Versioning on the open internet, shouldn't it be required to discard all LISP encapsulated packets with Map-Version numbering if received over the public Internet? Otherwise, the Security Considerations seem adequate although I think the 1st and 2nd paragraphs of Section 8 should be swapped. OTHER ISSUES Section 6, right after equation 3: Isn't "(69 + 4096) mod 4096" the same as "69"? And isn't 69 equal to 69, not less than 69? Shouldn't it say "Map-Version numbers in the range [69 + 2049; 68] are smaller than 69"? Or actually "in the ranges [69 + 2049; 4095] and [1;68] are smaller than 69"? Section A.3: How is it possible to tell that no more traffic will be received? Should this instead be something like wait the TTL of the mappings to that RLOC plus estimated transit time and some margin for safety? TYPOS/MINOR Should the document say anything about mapping changes possibly causing re-ordering? Section 1: I think the following should end with "ITR": "If this is not the case, the ETR can directly send a Map-Request containing the updated mapping to the ETR," Section 7.2, first sentence after point 3: Suggest using "MAY" in "may be more restrictive." Section A.2.3: "provider edge" pops up here with no other mention or explanation anywhere in the draft Section A.2.3: The last two sentences sound like they contradict each other. I assume the last sentence is refering to change in the Source mapping. Suggest "the mapping" -> "the Source mapping". EDITORIAL Section 1: "This operation is two-fold." -> "This information has two uses." Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 2386 Panoramic Circle, Apopka, FL 32703 USA d3e3e3@gmail.com
- [Last-Call] SECDIR Review of draft-ietf-lisp-6834… Donald Eastlake