Re: [lisp] Kathleen Moriarty's No Objection on draft-ietf-lisp-impact-04: (with COMMENT)
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Thu, 22 October 2015 11:07 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 735291A1B0E; Thu, 22 Oct 2015 04:07:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, MIME_QP_LONG_LINE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ug2P8eyeLFrI; Thu, 22 Oct 2015 04:06:58 -0700 (PDT)
Received: from mail-qk0-x22f.google.com (mail-qk0-x22f.google.com [IPv6:2607:f8b0:400d:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E8571A1B1F; Thu, 22 Oct 2015 04:06:58 -0700 (PDT)
Received: by qkbl190 with SMTP id l190so51619308qkb.2; Thu, 22 Oct 2015 04:06:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:mime-version:subject:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=4lERrG+KMIdUPv8mYVKQ7wiqNm8idyUCO7+3bBCBJZg=; b=ZOk3oc37dPnbRhqyLld90/9gY1747N4HH7/QopL6Z5o3s/Fxj7/w8We3kmzhx9cXV9 jdUKwiH5ugxT/HEsP5ddIZMm60f9c/t6LvaeWTWLLdhD/wBa2K7kzER51wwa+x4y7ZgX VT3iRFG5vU4I5kXF14ZTuGuoBve2/sYaCTxKmv/LZJRJYwrvSIGiqA1DWDQk0l/45aMo Jdi5DoFKkf3PH7zibl7AgtDcBECenFPCkRkPB9vEVkxWtvHo/N/keMbRRQXDbcgdZnXG 4IZyNGVXvTEHQf4QnAuPS9Ol5MZhmxWjZId8Tqj18GzOAnQZlFtQvQOpBQVjrSK6C6Uq nNIA==
X-Received: by 10.55.195.135 with SMTP id r7mr18225783qkl.4.1445512017449; Thu, 22 Oct 2015 04:06:57 -0700 (PDT)
Received: from [192.168.1.3] (209-6-114-252.c3-0.arl-ubr1.sbo-arl.ma.cable.rcn.com. [209.6.114.252]) by smtp.gmail.com with ESMTPSA id h198sm5083285qhc.47.2015.10.22.04.06.56 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 22 Oct 2015 04:06:56 -0700 (PDT)
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Google-Original-From: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
X-Mailer: iPhone Mail (12H143)
In-Reply-To: <DF2097B2-704A-4A9A-84F2-0C5870925B9B@gigix.net>
Date: Thu, 22 Oct 2015 07:06:55 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <56C57AAF-DBD9-42D8-987E-2435871DC5C6@gmail.com>
References: <20151021165230.18223.65896.idtracker@ietfa.amsl.com> <DF2097B2-704A-4A9A-84F2-0C5870925B9B@gigix.net>
To: Luigi Iannone <ggx@gigix.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/lisp/0u-M3wWeB-d-TFVgoWqA89EAfzg>
Cc: "lisp-chairs@ietf.org" <lisp-chairs@ietf.org>, "lisp@ietf.org" <lisp@ietf.org>, "draft-ietf-lisp-impact.all@ietf.org" <draft-ietf-lisp-impact.all@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-lisp-impact@ietf.org" <draft-ietf-lisp-impact@ietf.org>
Subject: Re: [lisp] Kathleen Moriarty's No Objection on draft-ietf-lisp-impact-04: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Oct 2015 11:07:01 -0000
Hi Luigi, Thank you! It must not have gone to the SecDir list. I had noticed at least one of the changes. Best regards, Kathleen Sent from my iPhone > On Oct 22, 2015, at 5:32 AM, Luigi Iannone <ggx@gigix.net> wrote: > > Hi Kathleen, > >> On 21 Oct 2015, at 18:52, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote: > > [snip] > >> >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> Hello, >> >> There was no follow up or changes (it seems) as a result of the SecDir >> review. It would be helpful to address the questions on the aim of this >> draft and how it applies to security for the user and impact of LISP. >> https://www.ietf.org/mail-archive/web/secdir/current/msg06103.html > > There was actually a follow up (see below) or ami I missing something? > > Let me know. > > ciao > > L. > > > %—— Last reply to Hilarie on 20th October———————% > Hi Hilarie, > > Thanks again for your reply. > please find our comments inline. > > ciao > > Luigi > > >> On 19 Oct 2015, at 21:02, Hilarie Orman <ho@alum.mit.edu> wrote: >> >> [NB: this is in re draft-ietf-lisp-impact-04] >> >> A few comments and suggestions: >> >> Unless gleaning features (actually deprecated in >> RFC 6830 [RFC6830]) are used, >> >> I don't see that gleaning is deprecated. In any event, how does gleaning >> undermine security? > > This is actually discussed in sections 6 and 12 of RFC6830 and analysed in Section 3.1 of draft-ietf-lisp-threats. > >> >> the LISP data-plane shows the >> same level of security as other IP-over-IP technologies. >> From a security perspective, the control-plane remains the >> critical part of the LISP architecture. >> >> To maximally mitigate the threats on the mapping >> >> I doubt authentication is "maximal" mitigation. It just mitigates. > > Agreed. The sentence will be simplified as just “To mitigate the threats…." > >> >> system, authentication must be used, whenever possible, for all >> >> When would it be impossible to use authentication? > > The idea was to hint at deployments in ressource constrained environments. > It might in fact be misleading. The whole sentence can be reworded as follows: > > To mitigate the threats on the mapping system, authentication > should be used for all control plane messages. > > >> control plane messages. >> >> Current specification already offer security mechanisms >> ([RFC6833], [I-D.ietf-lisp-sec]) able to strongly reduce threats >> in non-trustable environments such as the Internet. >> >> "The currenet specification defines security mechanisms which can >> reduce threats in open network environments” > > Just to keep the references, the sentence can be: > > The current specification ([RFC6833], [I-D.ietf-lisp-sec]) defines security > mechanisms which can reduce threats in open network environments. > > >> ? > >> Actually, LISP specifications define a generic authentication data field >> control plane messages [RFC6830] allowing to propose a general >> authentication mechanisms for the LISP control-plane while staying >> backward compatible. >> >> "The LISP specification defines a generic authentication data field >> for control plane messages [RFC6830] which could be used for a general >> authentication mechanisms for the LISP control-plane while staying >> backward compatible. " ?? > > Reads much better, thanks. > > Luigi > >> Hilarie >> >>> Subject: Re: review of draft-saucez-lisp-impact-04.txt >>> From: Luigi Iannone <luigi.iannone@telecom-paristech.fr> >>> Date: Sat, 17 Oct 2015 21:49:24 +0200 >>> Cc: Damien Saucez <damien.saucez@inria.fr>, >>> draft-saucez-lisp-impact@tools.ietf.org, secdir@ietf.org, >>> The IESG <iesg@ietf.org> >> >>> Hi Hilarie, >> >>> In the current format the security section just states that actually >>> security is out of the scope of the document. >>> This was actually an outcome of the WG discussion, were it was >>> decided to clearly separate security and impact. >> >> >>> Yet, it is true that the security section is poor, while >>> security analysis is out of the scope of the document, it does not >>> mean that we cannot mention the major security points >>> thoroughly analysed in the threats document. >> >> >>> Hence we propose to modify the security section as follows: >> >>> Old Version: >> >>> Security and threats analysis of the LISP protocol is out of the >>> scope of the present document. A thorough analysis of LISP security >>> threats is detailed in [I-D.ietf-lisp-threats]. >> >> >>> NEW Version: >> >>> A thorough security and threats analysis of the LISP protocol >>> is carried out in details in [I-D.ietf-lisp-threats]. >>> Like for other Internet technologies, also for LISP most of >>> threats can be mitigated using Best Current Practice, meaning >>> with careful deployment an configuration (e.g., filter) and also >>> by activating only features that are really necessary in the >>> deployment and verifying all the information obtained from third >>> parties. Unless gleaning features (actually deprecated in >>> RFC 6830 [RFC6830]) are used, the LISP data-plane shows the >>> same level of security as other IP-over-IP technologies. >>> From a security perspective, the control-plane remains the >>> critical part of the LISP architecture. >>> To maximally mitigate the threats on the mapping >>> system, authentication must be used, whenever possible, for all >>> control plane messages. >>> Current specification already offer security mechanisms >>> ([RFC6833], [I-D.ietf-lisp-sec]) able to strongly reduce threats >>> in non-trustable environments such as the Internet. >>> Actually, LISP specifications define a generic authentication data field >>> control plane messages [RFC6830] allowing to propose a general >>> authentication mechanisms for the LISP control-plane while staying >>> backward compatible. >> >> >>> We hope this delivers the information you were looking for. >> >>> ciao >> >>> Luigi >> >> >>>> On 13 Oct 2015, at 19:28, Hilarie Orman <ho@alum.mit.edu> wrote: >>>> >>>> Thanks for pointing out my mistake. I have now reviewed >>>> draft-ietf-lisp-impact-04 and the same comments about security apply. >>>> >>>> Hilarie >>>> >>>>> From: Damien Saucez <damien.saucez@inria.fr> >>>>> Date: Tue, 13 Oct 2015 08:13:08 +0200 >>>> >>>> >>>>> Thank you for the review. I would have a question regarding the document you reviewed. Did you review th >>>> >>>>> draft-sauces-lisp-impact-04 >>>> >>>>> or >>>> >>>>> draft-ietf-lisp-impact-04 >>>> >>>>> Thank you, >>>> >>>>> Damien Saucez >>>> >>>>> On 13 Oct 2015, at 05:01, Hilarie Orman <ho@alum.mit.edu> wrote: >>>> >>>>>> Secdir review of LISP Impact >>>>>> draft-saucez-lisp-impact-04.txt >>>>>> >>>>>> Do not be alarmed. I have reviewed this document as part of the >>>>>> security directorate's ongoing effort to review all IETF documents >>>>>> being processed by the IESG. These comments were written primarily >>>>>> for the benefit of the security area directors. Document editors and >>>>>> WG chairs should treat these comments just like any other last call >>>>>> comments. >>>>>> >>>>>> A new way of handling routing information has been defined in IETF >>>>>> documents about the Locator/Identifier Separation Protocol (LISP). >>>>>> The draft under discussion here elaborates on the possible >>>>>> consequences of widespread use of LISP. >>>>>> >>>>>> The draft punts on security considerations and refers to previous >>>>>> documents describing threats to LISP and how LISP uses cryptography >>>>>> for protecting the integrity of its messages. >>>>>> >>>>>> It seems to me that if the purported impact of LISP is to "scale the >>>>>> Internet", then its impact on security should be a major part of the >>>>>> equation. Will it make routing information more or less vulnerable >>>>>> malicious manipulation? How will it affect the stability of a network >>>>>> that is under constant threat of attack? >>>>>> >>>>>> I don't feel that the draft can achieve its purpose without addressing >>>>>> security. >>>>>> >>>>>> Hilarie >>>>>> >>>>>> PS. I was very disappointed to realize that this was not a draft >>>>>> about my favorite programming language. > >
- [lisp] Kathleen Moriarty's No Objection on draft-… Kathleen Moriarty
- Re: [lisp] Kathleen Moriarty's No Objection on dr… Luigi Iannone
- Re: [lisp] Kathleen Moriarty's No Objection on dr… Kathleen Moriarty
- Re: [lisp] Kathleen Moriarty's No Objection on dr… Kathleen Moriarty
- Re: [lisp] Kathleen Moriarty's No Objection on dr… Luigi Iannone
- Re: [lisp] Kathleen Moriarty's No Objection on dr… Kathleen Moriarty