Re: [lisp] Stephen Farrell's Discuss on draft-ietf-lisp-ddt-08: (with DISCUSS and COMMENT)

Anton Smirnov <asmirnov@cisco.com> Tue, 01 November 2016 18:51 UTC

To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
References: <147757226834.24715.16366455756541086706.idtracker@ietfa.amsl.com>
From: Anton Smirnov <asmirnov@cisco.com>
Organization: Cisco Systems
Message-ID: <74bb00ca-b694-95ea-48a8-4241e3eb7e38@cisco.com>
Date: Tue, 01 Nov 2016 19:51:29 +0100
In-Reply-To: <147757226834.24715.16366455756541086706.idtracker@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/3T9QaTJicbjm4CYvFwTKiU1Julo>
Cc: lisp-chairs@ietf.org, draft-ietf-lisp-ddt@ietf.org, lisp@ietf.org
Subject: Re: [lisp] Stephen Farrell's Discuss on draft-ietf-lisp-ddt-08: (with DISCUSS and COMMENT)

Hello Stephen,

thanks for your comment.

Existing DDT implementations are already using RSA-SHA1, so we cannot simply replace it with RSA-SHA256. But we should be able to add the latter as another signing algorithm.

The authors will take your comments into account in the next revision of the draft.

Anton

On Thursday 27 October 2016 14:44, Stephen Farrell wrote:
> Stephen Farrell has entered the following ballot position for
> draft-ietf-lisp-ddt-08: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-lisp-ddt/
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
>
> 6.4.1: RSA-SHA1 is not the right choice today, shouldn't
> this be RSA-SHA256?
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
>
> - 6.4.1: Can you clarify what bits are signed? I'm not
> quite sure from the description given - you can have
> more than one signature but you say the "entire
> record" is covered.
>
> - Section 8: Where's signature validation in the
> pseudo-code?
>
>
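Anton's point (add RSA-SHA256 alongside the RSA-SHA1 that deployed implementations already use, rather than replacing it) and Stephen's two questions (which bits a signature covers, and where validation happens) are illustrated by the following added Go example. It is not code from the draft or from any DDT implementation: the record layout, the algorithm identifier values, the canonical encoding, and the per-verifier policy map are assumptions made for illustration. The example shows that a record can carry one signature per algorithm over the same covered bytes, that validation re-derives those bytes excluding the signature section, and that the verifier's policy, not the sender's choice, decides whether a legacy algorithm is still accepted.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical algorithm identifiers for this example; not DDT wire values.
const (
	AlgRSASHA1   uint8 = 1
	AlgRSASHA256 uint8 = 2
)

// Record is a constructed, simplified referral-like record. Every field
// except Signatures is covered by each signature in Signatures.
type Record struct {
	EIDPrefix  string
	Referrals  []string
	TTL        uint32
	Signatures []Signature
}

type Signature struct {
	Alg uint8
	Sig []byte
}

// signedBytes is the canonical encoding of the covered fields. Each
// variable-length field is length-prefixed so concatenation is unambiguous.
func signedBytes(r *Record) []byte {
	var buf bytes.Buffer
	put := func(s string) {
		binary.Write(&buf, binary.BigEndian, uint16(len(s)))
		buf.WriteString(s)
	}
	put(r.EIDPrefix)
	binary.Write(&buf, binary.BigEndian, uint16(len(r.Referrals)))
	for _, ref := range r.Referrals {
		put(ref)
	}
	binary.Write(&buf, binary.BigEndian, r.TTL)
	return buf.Bytes()
}

// digest maps an algorithm identifier to the hash used with RSA PKCS#1 v1.5.
func digest(alg uint8, data []byte) (crypto.Hash, []byte, error) {
	switch alg {
	case AlgRSASHA1:
		h := sha1.Sum(data)
		return crypto.SHA1, h[:], nil
	case AlgRSASHA256:
		h := sha256.Sum256(data)
		return crypto.SHA256, h[:], nil
	}
	return 0, nil, fmt.Errorf("unknown signature algorithm %d", alg)
}

// Sign appends one signature of the given algorithm; a record may carry
// several, one per algorithm, all over the same covered bytes.
func Sign(priv *rsa.PrivateKey, r *Record, alg uint8) error {
	hash, d, err := digest(alg, signedBytes(r))
	if err != nil {
		return err
	}
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, hash, d)
	if err != nil {
		return err
	}
	r.Signatures = append(r.Signatures, Signature{Alg: alg, Sig: sig})
	return nil
}

// Verify accepts the record if at least one signature verifies under an
// algorithm the verifier's policy allows. Unknown or disallowed algorithms
// are skipped, never treated as valid.
func Verify(pub *rsa.PublicKey, r *Record, allowed map[uint8]bool) error {
	data := signedBytes(r)
	for _, s := range r.Signatures {
		if !allowed[s.Alg] {
			continue
		}
		hash, d, err := digest(s.Alg, data)
		if err != nil {
			continue
		}
		if rsa.VerifyPKCS1v15(pub, hash, d, s.Sig) == nil {
			return nil
		}
	}
	return errors.New("no acceptable valid signature")
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	r := &Record{EIDPrefix: "10.0.0.0/8", Referrals: []string{"192.0.2.1"}, TTL: 1440}
	_ = Sign(priv, r, AlgRSASHA1)
	_ = Sign(priv, r, AlgRSASHA256)
	modern := map[uint8]bool{AlgRSASHA256: true}
	fmt.Println("SHA256-only policy:", Verify(&priv.PublicKey, r, modern))
	r.TTL++ // changing any covered field invalidates every signature
	fmt.Println("after tamper:", Verify(&priv.PublicKey, r, modern))
}
```

A verifier that has dropped RSA-SHA1 from its policy map still validates records from a signer that emits both signatures, which is what lets the new algorithm be introduced without breaking existing deployments; once all signers emit RSA-SHA256, the legacy entry can be removed from every policy.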