IETF Logo Mail Archive

Re: [lisp] Fwd: decentralization of Internet (was Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Dino Farinacci <farinacci@gmail.com> Mon, 09 September 2013 02:04 UTC

Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50F0411E8139 for <lisp@ietfa.amsl.com>; Sun, 8 Sep 2013 19:04:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Su0glB4qGINa for <lisp@ietfa.amsl.com>; Sun, 8 Sep 2013 19:04:28 -0700 (PDT)
Received: from mail-pd0-x229.google.com (mail-pd0-x229.google.com [IPv6:2607:f8b0:400e:c02::229]) by ietfa.amsl.com (Postfix) with ESMTP id A810C11E810C for <lisp@ietf.org>; Sun, 8 Sep 2013 19:04:28 -0700 (PDT)
Received: by mail-pd0-f169.google.com with SMTP id r10so5578365pdi.14 for <lisp@ietf.org>; Sun, 08 Sep 2013 19:04:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=8iKjM4NM41Edtyn3YFBCwZe5sMz3O9FNPHB+3l9ejp8=; b=bTPkdcIumsLY9aOWkDY0tos416iQjOShrAjTSSC/Z0w++1aPNVsbl6qGPqSVOZx9sf LqoXaK3+07uXtFqSyrV3OTAO3KnwdYJ8pJLQT11YgemzC5hjTjDfZ+1VuK2eU7oLEHWq 4m/a22lrLDveVa/b8AiOQLcyi1pq7O2DK5kSX9hx/PgIljgbc9jsCnVAQ3nlaVzao08z waIVNrCWD420FV16gogbG3amMF5igUROUNiIAlsMkB9q+2a58kDqa8ukt6GVgyLGGERV 2zFqdhfz8CTxsdNcOo1Ec7EV0SQHptytoMkdxgfqAPaEZGqQDVp/KvvS+Ypx8FhsWbLW C6+Q==
X-Received: by 10.66.175.133 with SMTP id ca5mr17655252pac.40.1378692268394; Sun, 08 Sep 2013 19:04:28 -0700 (PDT)
Received: from [192.168.1.10] (173-8-188-29-SFBA.hfc.comcastbusiness.net. [173.8.188.29]) by mx.google.com with ESMTPSA id pu5sm14010321pac.21.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 08 Sep 2013 19:04:27 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <4ABB752A36221949A095CDE2C6DBB1C80982EC23@xmb-aln-x12.cisco.com>
Date: Sun, 08 Sep 2013 19:04:25 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <656FC147-9E4A-45A9-8ECF-9CEBB114696F@gmail.com>
References: <20130908140433.D217D18C0CE@mercury.lcs.mit.edu> <281739A7-17F1-494A-8667-94C3F258C072@fortinet.com> <4ABB752A36221949A095CDE2C6DBB1C80982EC23@xmb-aln-x12.cisco.com>
To: "Michiel Blokzijl (mblokzij)" <mblokzij@cisco.com>
X-Mailer: Apple Mail (2.1508)
Cc: Noel Chiappa <jnc@mercury.lcs.mit.edu>, "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] Fwd: decentralization of Internet (was Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Sep 2013 02:04:29 -0000

> I think it would actually be quite interesting to use "standard" public key encryption, rather than symmetric encryption in LISP. This would reduce the need for negotiations, not require pairs of ITRs and ETRs to share the same map server, etc. Admittedly it might not be practical for other reasons.. (may need to store lots of large keys, might be too slow, etc)

Correct. If we don't start with the above assumptions, anything else will be too complicated to implement and deploy and therefore, corners will be cut, and insecurity will continue.

> Here's one way to do it:
> You could easily attaching a PGP key id to the RLOCs in the mapping record returned in map-replies. When an ITR receives a map-reply, the ITR could grab the public key from one of the well-known keyservers, and use that public key for encrypting traffic to that ETR.

Do you not want to solve man-in-the-middle attacks? Is this recommendation solely for providing data privacy?

Dino

> 
> Best regards,
> 
> Michiel
> 
> On 8 Sep 2013, at 16:04, Edward Lopez <elopez@fortinet.com>
> wrote:
> 
>> Key generation/management/distribution would be the real difficulty.  It would be desirable to use symmetric encryption (Ex. AES256) to encrypt LISP payloads.  Therefore, we use certs & asymmetric encryption (some form of ECC) at the time of xTR registration to provide a method to distribute keys to authenticated site members.
>> 
>> Another consideration is to encrypt just the EID header, and have EIDs use IPSec (thus LISP would in effect encrypt the outer IPSec ESP header).  Someone in the RLOC space would then require two keys to decrypt the message fully, and the encryption load would be distributed between EIDs and xTRs
>> 
>> Ed Lopez
>> 
>> Sent from my iPhone ... Sorry for any auto-correct errors
>> 
>> On Sep 8, 2013, at 10:04 AM, "Noel Chiappa" <jnc@mercury.lcs.mit.edu> wrote:
>> 
>>>> From: Marc Binderberger <marc@sniff.de>
>>> 
>>>> Lisp is separating Identity from Location but this doesn't mean the
>>>> RLOC can not be used to identify you. In case of static setups this is
>>>> obvious, take the RLOC, go to the ISP, get the (physical) address and
>>>> name.
>>> 
>>> Err, that would get the address and name of the ITR, not the actual source
>>> host.
>>> 
>>> Depending on all sorts of factors, that plus the encrypted packet _might_ get
>>> them the identity of the actual originator (not, for example, if the ITR has
>>> discarded the key used to encrypt the packet by the time the subpoena
>>> arrives...)
>>> 
>>>  Noel
>>> _______________________________________________
>>> lisp mailing list
>>> lisp@ietf.org
>>> https://www.ietf.org/mailman/listinfo/lisp
>> 
>> ***  Please note that this message and any attachments may contain confidential 
>> and proprietary material and information and are intended only for the use of 
>> the intended recipient(s). If you are not the intended recipient, you are hereby 
>> notified that any review, use, disclosure, dissemination, distribution or copying 
>> of this message and any attachments is strictly prohibited. If you have received 
>> this email in error, please immediately notify the sender and destroy this e-mail 
>> and any attachments and all copies, whether electronic or printed.
>> Please also note that any views, opinions, conclusions or commitments expressed 
>> in this message are those of the individual sender and do not necessarily reflect 
>> the views of Fortinet, Inc., its affiliates, and emails are not binding on 
>> Fortinet and only a writing manually signed by Fortinet's General Counsel can be 
>> a binding commitment of Fortinet to Fortinet's customers or partners. Thank you. ***
>> 
>> _______________________________________________
>> lisp mailing list
>> lisp@ietf.org
>> https://www.ietf.org/mailman/listinfo/lisp
> 
> _______________________________________________
> lisp mailing list
> lisp@ietf.org
> https://www.ietf.org/mailman/listinfo/lisp

v2.23.0 | Report a Bug | By Email