Re: [lisp] Restarting last call on LISP threats

Damien Saucez <damien.saucez@gmail.com> Tue, 27 May 2014 16:06 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/lisp/5wI5DEd1UIYaj79K5EPBDhzhMM8

Dear all,

Thank you all for the passion you put into discussing the threats
document.  We have read all the arguments and arrived at the
conclusion that the threat document needs to be reshaped so as to clear
up all misunderstandings.  We will provide a new version for early July
that does not exclude any scenarios.  Actually, most of the problems
pinpointed are already covered somehow in the document, but
precisions/rephrasing have to be done to make things clear.

For the sake of efficiency, while writing the new proposal in the
coming weeks, we will make point-to-point exchanges with the different
people that contributed to the discussion so as to be sure that we
address all their comments.

Thanks,

Damien Saucez

On 27 May 2014, at 17:12, Joel M. Halpern <jmh@joelhalpern.com> wrote:

> Can we please not get into a debate about how well BCP38 is or is not deployed, whether violations are remotely detectable, ...This is NOT the working group for that.
> 
> For our purposes, given that source address forging is known to occur, we have to allow it in the threat analysis.
> 
> Yours,
> Joel
> 
> On 5/27/14, 11:04 AM, Dino Farinacci wrote:
>> 
>>> Also, recall that large BCP38 holes exist in today's internet.
>> 
>> And I am going to repeat again, this is not a binary statement. That is, if a BCP38 hole exists in one part of the network, source spoofing can still be detected in other parts of the network.
>> 
>> Dino
>> 
>>