Re: [lisp] Last Call SECDIR Review of draft-ietf-lisp-6834bis-11
Donald Eastlake <d3e3e3@gmail.com> Thu, 02 June 2022 02:49 UTC
Return-Path: <d3e3e3@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4A0EC15AAC2; Wed, 1 Jun 2022 19:49:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.856
X-Spam-Level:
X-Spam-Status: No, score=-1.856 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cF3iLRa32QUH; Wed, 1 Jun 2022 19:49:13 -0700 (PDT)
Received: from mail-lf1-x130.google.com (mail-lf1-x130.google.com [IPv6:2a00:1450:4864:20::130]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9AC07C15AAC1; Wed, 1 Jun 2022 19:49:13 -0700 (PDT)
Received: by mail-lf1-x130.google.com with SMTP id y32so5691739lfa.6; Wed, 01 Jun 2022 19:49:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QPWQvl3Sx4xKShyvBFZsO3DvC8yj4DXFFsHHCb4/JeM=; b=WdZ3N1FqBiy6c8IOhGjoau5Y3JCUbOEJcj08RUm4SAJ82d2vMsxVW6IFxHe1VDBA4n VA9Xp5gzfEkN64PDT+PR63/1i9PpwJXMrQtrVU7lPBu+EMCb9zEESfXCz7g6DsoSapSg kKOpJeEZ1jvhsnH84QgOEztsR3huTrGXH/m+9qH1RUT4lsSdYU3WDI3P9fGgCR/YXe4h irJtQwXYaq9jye45z+ODOX9KXpDUNAzOe2CpzJWwetVrWlQnH13SVheQdX7DMvCo2o/8 NIEqDpfw+4/E8KFHoeufs1HQAeG1rlXEkm3sGLeROUkIM6uOl93ra0pev9cgVrvlUDkw P3zw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QPWQvl3Sx4xKShyvBFZsO3DvC8yj4DXFFsHHCb4/JeM=; b=wdB0ddH9T6N9gVh3VD4FzfQnFY3mfOARFvF+36ZntdKTY/lNjA4HDwOTY43zRG/9k9 urnSsHs0s1o8Dw+55HvAm9qr0FcUTP5DYh3wA6chn4s7eV63Hyf7MnRHir+tdx/8GxeQ Tx2O6pQPxB5T/WwqNVKY5gPmYvMThZM4mbTQISiNx6Eh0ygi7dTIf6765yhIAZK4/gku VFC01E434aAQCA3j7HD496J3IzADXdsP5BOpQRYd+689ASg90scJ6qGyJDmxsVTl/uMx O6oNrbvHSwqBaufWsnBKumuMe9WOZ8FMySljiCUUwv3BcJFBw5dw4P10WJjPaImRgGV4 Eq+A==
X-Gm-Message-State: AOAM532tVYReFdEGSK91kFtOf0Rqp29JtvmM9DXamA2hP7vGDdKDSKx4 CTDXDXzvGAWivJ8kQE4aMSHYLBZ4h61L0xsaaXNaFwQmifA=
X-Google-Smtp-Source: ABdhPJz3kO+Iqq81JKluVz84Bp95lb4d7WoSHKk1Njw5kEGYtSY1Lv92WMa5qqWRTaK0G9Pc7gMvNl+9JySL8jQ7inU=
X-Received: by 2002:a05:6512:ea8:b0:479:8e3:df22 with SMTP id bi40-20020a0565120ea800b0047908e3df22mr1838615lfb.43.1654138151687; Wed, 01 Jun 2022 19:49:11 -0700 (PDT)
MIME-Version: 1.0
References: <CAF4+nEE0UrAhSkUzbWbaoZKvHE_LFs6zmbda3nie=M-EN-XDeg@mail.gmail.com> <542A2E95-C536-43A3-B500-A85D76A62579@gigix.net> <CAF4+nEFHzKCgLBWMT2-WTO0T0vgxpYV1bndsz4HofNKvpYt-2w@mail.gmail.com> <D37B519F-D27B-4584-ADF9-3414968E657A@gigix.net> <B6EE0E97-7590-4355-9E66-28F22958B720@gigix.net>
In-Reply-To: <B6EE0E97-7590-4355-9E66-28F22958B720@gigix.net>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Wed, 01 Jun 2022 22:49:00 -0400
Message-ID: <CAF4+nEEHBpqoBxQT57MqykPunB7gjDOUsYQx4uxnXpPsyFzJkQ@mail.gmail.com>
To: Luigi Iannone <ggx@gigix.net>
Cc: "iesg@ietf.org" <iesg@ietf.org>, secdir <secdir@ietf.org>, Last Call <last-call@ietf.org>, draft-ietf-lisp-6834bis.all@ietf.org, "lisp@ietf.org list" <lisp@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f0d98e05e06e0c1d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/5HjTh_ZaOGiQMZTEbA9zmubwLp0>
Subject: Re: [lisp] Last Call SECDIR Review of draft-ietf-lisp-6834bis-11
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jun 2022 02:49:15 -0000
Hi Luigi, I think -12 is pretty good. The change suggested by Alvaro should be included. And I think the last sentence in Section A.3 in -12 should probably be a separate paragraph and the start should be "Note that ..." rather than "To be noted that ...". With those changes, I am OK with the draft. Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 2386 Panoramic Circle, Apopka, FL 32703 USA d3e3e3@gmail.com On Wed, Jun 1, 2022 at 8:16 AM Luigi Iannone <ggx@gigix.net> wrote: > Hi Donald, > > A new revision of the drafts has been submitted. > Here is the link to the rfcdiff: > https://www.ietf.org/rfcdiff?url2=draft-ietf-lisp-6834bis-12.txt > > Let me know if this revision does not address your concerns. > > Thanks > > Ciao > > L. > > On 1 Jun 2022, at 10:45, Luigi Iannone <ggx@gigix.net> wrote: > > > > On 1 Jun 2022, at 05:29, Donald Eastlake <d3e3e3@gmail.com> wrote: > > See below at <de> > > On Mon, May 30, 2022 at 9:32 AM Luigi Iannone <ggx@gigix.net> wrote: > >> Hi Donald, >> >> Thank you very much for your review. >> I take this last updated review and provide some answers inline. >> >> On 30 May 2022, at 04:35, Donald Eastlake <d3e3e3@gmail.com> wrote: >> >> I have updated my review of the -10 version for -11 below. >> Comments/suggestions that I do not comment on still apply. >> >> On Wed, May 25, 2022 at 3:41 PM Donald Eastlake <d3e3e3@gmail.com> wrote: >> >> >> I have reviewed this document as part of the security directorate's >> ongoing effort to review all IETF documents being processed by the IESG. >> Document editors and WG chairs should treat these comments just like any >> other last call comments. Sorry this is a bit late. >> >> >> The summary of the review is Ready with Issues. >> >> >> Well, minor issues... >> >> ... >> >> SECURITY >> >> This draft appears to completely ignore the issue of Map Version Number >> advancing so far so quickly that an old version number is encountered that >> appears to be newer than or equal to the current version number. Why can't >> this happen? Or if it can, why doesn't that hurt? >> >> This is more of an operational point. If you update a mapping, the best >> would be to give sufficient time so that everybody updates and there is no >> such a risk. >> What about adding in section 7 “dealing with Map-Version Numbers” the >> following sentence. >> >> It is an operational question to make sure that Map-Version numbers are >> not updated so frequently as to create the risk that very old version >> numbers appear newer (because of the circular space). >> >> Would that address your issue? >> > > <de> Not really. (1) I think the document needs to say what happens if the > numbers wrap around and overlap. (2) Assuming the answer to 1 is as bad as > I think, then it is not "an operational question" to avoid this but rather > "an operational requirement". That is, there should be a statement > something like "Map Version Number incrementing and TTL MUST be managed so > that an old Version Numbers will not be confused as a new Version Number. > > > This last sentence is great. I will put it in section 7. > > > > Section 8, last paragraph: Says Map-Versioning can only be used in >> trusted, closed environments but Section 7.1 and 7.2 seem to talk about >> what to do about the Map-Version field without any reference to this, but >> mentioning private deployments for certain error conditions. For example, >> Section 7.2 point 3 says to discard a packet on an erroneous Map-Version >> value except perhaps in some private deployments. But if you MUST NOT use >> Map-Versioning on the open internet, shouldn't it be required to discard >> all LISP encapsulated packets with Map-Version numbering if received over >> the public Internet? >> >> Actually section 7.1 reads: >> >> Operators can configure exceptions to this >> recommendation, which are outside the scope of this document. >> >> >> We should have done the same for 7.2, will do in a revision. >> > <de> Well, adding that to Section 7.2 would help. But the problem is the > following sentence in Section 8: > > Map-Versioning MUST NOT be used over the public Internet and SHOULD > only be used in trusted and closed deployments. > > > It seems to me that sentence says you can only use Map-Versioning in a > private network and that private network SHOULD be trusted. So I guess it > allows use in an untrusted private network... Is that what you want to say? > > > This is similar to the comment made by Paul. > His suggestion is to change the SHOULD in a MUST. Would this work for you > as well? > > > > >> Otherwise, the Security Considerations seem adequate although I think the >> 1st and 2nd paragraphs of Section 8 should be swapped. >> >> Yes, it may read better. Will be swapped in the next revision. >> >> OTHER ISSUES >> >> Section 6, right after equation 3: Isn't "(69 + 4096) mod 4096" the same >> as "69"? And isn't 69 equal to 69, not less than 69? Shouldn't it say >> "Map-Version numbers in the range [69 + 2049; 68] are smaller than 69"? Or >> actually "in the ranges [69 + 2049; 4095] and [1;68] are smaller than 69"? >> >> Wonderful catch. Should be >> [69 + 2049; (69 + 4095) mod 4096] >> >> >> Will fix. >> >> Section A.3: How is it possible to tell that no more traffic will be >> received? Should this instead be something like wait the TTL of the >> mappings to that RLOC plus estimated transit time and some margin for >> safety? >> >> Absolutely right, the sentence should be: >> >> Upon updating the mapping, the RLOC will receive the less and less >> >> traffic because remote LISP sites will get the updated mapping. >> >> At least one TTL after the mapping was updated, it could be >> >> considered safe to shut down the RLOC gracefully, because all >> >> sites actively using the mapping should have updated >> >> it. >> >> >> Sounds better? >> > > <de> Yes, that's better. But I would suggest alternate wording such as the > following: > > "Upon updating the mapping, the RLOC will receive less and less > > traffic because remote LISP sites will request the updated > > mapping and see that it is disabled. At least one TTL, plus a > > little time for traffic transit, after the mapping is updated, > > it should be safe to shut down the RLOC gracefully, because > > all sites actively using the mapping should have been updated." > > > Thanks a lot, it reads much better. > > > TYPOS/MINOR >> >> Should the document say anything about mapping changes possibly causing >> re-ordering? >> >> Not sure what do you mean by “re-ordering”, can you articulate? >> > > <de> I was thinking about adding one sentence somewhere something like the > following: > "A change in map version resulting in a change in ETR for a flow can > result in the re-ordering of the packet in the flow just as any other > routing change could cause re-ordering." > > > Yes, that is again absolutely correct. I will add the sentence. > > > Section 1: I think the following should end with "ITR": "If this is not >> the case, the ETR can directly send a Map-Request containing the updated >> mapping to the ETR," >> >> >> Above fixed in -11. >> >> Section 7.2, first sentence just after point 3: Suggest using "MAY" in >> "may be more restrictive." >> >> >> Will be changed in the next revision. >> >> Section A.2.3: "provider edge" pops up here with no other mention or >> explanation anywhere in the draft. >> >> >> Either drop the term or provide some sort of definition/explanation. >> >> >> Provider edge should actually be just “domain" >> > > <de> OK. > >> Section A.2.3: The last two sentences sound like they contradict each >> other. I assume the last sentence is refering to change in the Source >> mapping. Suggest "the mapping" -> "the Source mapping". >> >> >> Yes, is >> >> With this setup, the Proxy-ETR, by looking at the Source Map-Version Number, >> >> is able to check whether the mapping has changed. >> >> > <de> OK. > >> EDITORIAL >> >> Section 1: "This operation is two-fold." -> "This information has two >> uses." >> >> New Section 6: "... MUST consist in an increment ..." -> "... MUST >> consist of an increment ..." >> >> New Section A.2.3: "uRPF" is used only once so the acronym should be >> dropped and only the expansion used. >> >> Will update as suggested in the next revision. >> > > <de> OK. > > > Thanks again for the feedback. > > Ciao > > L. > > > > > <de> Thanks, > Donald > =============================== > Donald E. Eastlake 3rd +1-508-333-2270 (cell) > 2386 Panoramic Circle, Apopka, FL 32703 USA > d3e3e3@gmail.com > > Thanks again for the review. >> Let me know if the proposed changes address your comments. >> >> Ciao >> >> L. >> >> >> >> >> >> Thanks, >> Donald >> =============================== >> Donald E. Eastlake 3rd +1-508-333-2270 (cell) >> 2386 Panoramic Circle, Apopka, FL 32703 USA >> d3e3e3@gmail.com >> >> >
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Luigi Iannone
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Donald Eastlake
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Luigi Iannone
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Luigi Iannone
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Alvaro Retana
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Luigi Iannone
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Luigi Iannone
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Alvaro Retana
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Donald Eastlake
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Donald Eastlake
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Luigi Iannone
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Donald Eastlake