Re: [lisp] draft-farinacci-lisp-crypto-01 - Call for WG Adoption

Fabio Maino <fmaino@cisco.com> Fri, 05 December 2014 16:26 UTC

Return-Path: <fmaino@cisco.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 948341ACF1D for <lisp@ietfa.amsl.com>; Fri, 5 Dec 2014 08:26:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6Zs8wiX0TBFR for <lisp@ietfa.amsl.com>; Fri, 5 Dec 2014 08:26:21 -0800 (PST)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88C8C1ACF1B for <lisp@ietf.org>; Fri, 5 Dec 2014 08:26:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4138; q=dns/txt; s=iport; t=1417796781; x=1419006381; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=tvUBxDRdC8Sly2BVmMrgbkJykVBrkVXjw/iNu/9YcT4=; b=AJaiq4WtUPbouB9rmOMNW4C8AcVn/v+P43JQGQLASc535Y8Pm3qbGqm5 TpnfVCHAgy+PXX12O8bjKwt0pcU+qLlROD76WBclNybvKXrg7tZwk7Np1 w9ckQszWlXEVn9oUchtAMngVua+CPNbDaQknrCn9okLJ3xxrwTWeof7wg k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AnUFAJrbgVStJA2L/2dsb2JhbABZgwZSWIMFw0EKhhMCgR4WAQEBAQF9hAIBAQEDAQEBARoGDwEFNgoBEAsYAgIFFgsCAgkDAgECARUwBg0BBQIBAYguCQ3AD5ZsAQEBAQEBAQEBAQEBAQEBAQEBAQEUBIEojycHgm+BRwEEijCJFIYbgSKDEoI7iG6DYoQQHjCCQwEBAQ
X-IronPort-AV: E=Sophos;i="5.07,522,1413244800"; d="scan'208";a="374781277"
Received: from alln-core-6.cisco.com ([173.36.13.139]) by rcdn-iport-9.cisco.com with ESMTP; 05 Dec 2014 16:26:20 +0000
Received: from [10.24.40.117] ([10.24.40.117]) by alln-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id sB5GQKok029555; Fri, 5 Dec 2014 16:26:20 GMT
Message-ID: <5481DCB6.6070300@cisco.com>
Date: Fri, 05 Dec 2014 08:26:30 -0800
From: Fabio Maino <fmaino@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Dino Farinacci <farinacci@gmail.com>
References: <D35D7CD0-20E5-4210-8025-7C92441DD339@gigix.net> <5480B13C.4090203@cisco.com> <97DA0D20-84D3-4478-8F90-C033E67172CD@gmail.com>
In-Reply-To: <97DA0D20-84D3-4478-8F90-C033E67172CD@gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/lisp/1ndVMTlj2jGykmr4Lq2pAzAEGxc
Cc: lisp@ietf.org
Subject: Re: [lisp] draft-farinacci-lisp-crypto-01 - Call for WG Adoption
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Dec 2014 16:26:23 -0000

Hi Dino,
I have no problems with the control plane part. An encap with 
multiprotocol support would allow to do IPsec encap before LISP encap, 
and could be used with the unauthenticated DH mechanism that you propose.

I do really think that the LISP WG should not miss the encap debate, and 
drive the transition to a format that lends itself to the various use 
cases that are being envisioned (and that IMO should become the main 
focus of the WG asap). There's quite a broad support behind VXLAN-GPE, 
and LISP-GPE is an opportunity for LISP to capitalize on that support 
and maintain some backward compatibility with the current LISP encap and 
features.

Fabio

On 12/4/14, 1:30 PM, Dino Farinacci wrote:
> Do you support the control-plane mechanisms in the draft?
>
> The advantage of having more bits for encryption is that we can have more data-plane keys. With the current lisp-crypto proposal, we only have 3 keys-ids.
>
> But I would use caution here, because the state of the art in data-plane encapsulations is all over the place. And while generalization is nice, it often isn't practical. And what results in the marketplace is a subset of options being delivered in a general design that brings you back to the same result of having a specific format that would need to change later.
>
> Dino
>
>> On Dec 4, 2014, at 11:08 AM, Fabio Maino <fmaino@cisco.com> wrote:
>>
>> I don't support adoption of this document.
>>
>> The document is proposing an extension of the LISP header to support data plane security.  However, there has been quite a lot of discussion in various WGs, including LISP, about the need for a more flexible overlay encapsulation. Besides support for data plane security, the requirements include capability to support non IP payloads, and to support metadata for various applications including service chaining  and policy tags.
>>
>> I believe that rather than just adding incremental support for data plane security, the WG should  have a comprehensive look at how to extend the LISP header to address the requirements above. draft-lewis-lisp-gpe, that was presented to the WG a few times, tries to address all of those requirements.
>>
>> Extending the semantic of the header to support data plane security, at least for HW implementations, comes at about the same cost of addressing all of the requirements above. I believe the same is true, to a lesser extent, even with SW implementations (at least those that deal with the encap in the kernel).
>>
>> Thanks,
>> Fabio
>>
>>
>>
>> On 12/4/14, 3:27 AM, Luigi Iannone wrote:
>>> Hi All,
>>>
>>> During the 91st IETF authors of the draft-farinacci-lisp-crypto-01
>>> [https://tools.ietf.org/html/draft-farinacci-lisp-crypto-01]
>>> asked for WG adoption. Meeting participants expressed consensus on adoption.
>>>
>>> This message begins the two weeks call for WG adoption to confirm the meeting outcome.
>>> The call ends on  December 19th 2014.
>>>
>>> Please respond to the LISP mailing list with any statements of approval or disapproval.
>>>
>>> Recall that:
>>>
>>> - This is not WG Last Call. The document is not final, and the WG is expected to
>>>    modify the document’s content until there is WG consensus that the content is solid.
>>>    Therefore, please don’t oppose adoption just because you want to see changes to its content.
>>>
>>> - If you have objections to adoption of the document, please state your reasons why,
>>>    and explain what it would take to address your concerns.
>>>
>>> - If you have issues with the content, by all means raise those issues and we can
>>>    begin a dialog about how best to address them.
>>>                                                                                                                                 Luigi and Joel
>>>
>>> _______________________________________________
>>> lisp mailing list
>>> lisp@ietf.org
>>> https://www.ietf.org/mailman/listinfo/lisp
>> _______________________________________________
>> lisp mailing list
>> lisp@ietf.org
>> https://www.ietf.org/mailman/listinfo/lisp