Re: [lisp] LISP crypto

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 06 November 2015 00:23 UTC

To: Dino Farinacci <farinacci@gmail.com>, "Amjad Inamdar (amjads)" <amjads@cisco.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/lisp/1hJa9_1i9wsTBN5Nnr6kF17nZ6A>
Cc: "lisp@ietf.org" <lisp@ietf.org>


On 06/11/15 00:03, Dino Farinacci wrote:
> Amjad, we are aware of the QC-safe work going on in CFRG. We are
> following it but it is very researchy at this point. 

Correct. It would be premature IMO to try to incorporate any
functionality that aims to mitigate QC attacks against
asymmetric crypto since we're not at a point where we know how
to do that effectively and efficiently.

> We can add some
> text indicating that we’ll follow any CFRG/SAAG recommendations (or
> any security area working group’s recommendation) on using QC-safe
> technology.

I don't think that's needed myself.

S.

> 
> If there is anything specific you want us to look at with IKE, please
> send some pointers. Thanks.
> 
> Dino
> 
>> On Nov 5, 2015, at 10:37 AM, Amjad Inamdar (amjads)
>> <amjads@cisco.com> wrote:
>> 
>> Hi Brian/Dino,
>> 
>> The key material derivation proposed in draft-ietf-lisp-crypto is
>> based on Diffie-Hellman which is not Quantum Computer resistant.
>> There is some work underway to make IKE that uses DH for key
>> derivation Quantum Computer safe. Might be a good idea to consider
>> this for lisp-crypto as well.
>> 
>> Thanks, -Amjad
>> 
>> From: Amjad Inamdar (amjads)
>> Sent: 03 November 2015 PM 12:33
>> To: 'lisp@ietf.org'
>> Subject: LISP NAT Traversal
>> 
>> Hi,
>> 
>> It will be useful if LISP NAT traversal draft
>> (draft-ermagan-lisp-nat-traversal) can elaborate on the following
>> 
>> 1) Why LISP NAT traversal cannot be accomplished without RTR
>> (another network entity) which has implications on deployability,
>> complexity and latency. There are other protocols (e.g IKE/IPsec)
>> that achieve NAT-D and NAT-T without the need for additional
>> network entity.
>> 
>> 2) Some more details on RTR deployment
>>    - location of RTR in the LISP deployment like there are
>>      recommendations on PITR/PETR deployments
>>    - is RTR shared across LISP sites behind NAT or each site needs a
>>      dedicated RTR
>>    - what if RTR is behind another NAT (SP-NAT)
>> 
>> 3) How is multiple-NAT handled (e.g. enterprise and SP NAT)
>> 
>> Thanks, -Amjad Inamdar CISSP, CCNP R&S, CCNP Security, CCDP, CCSK 
>> Senior Technical Leader CSG PI Services Security - India