Re: [lisp] Restarting last call on LISP threats

Roger Jørgensen <rogerj@gmail.com> Wed, 14 May 2014 07:59 UTC

In-Reply-To: <1a200c5f5de041fbaf88edd1a5c3159c@CO1PR05MB442.namprd05.prod.outlook.com>
References: <536CFA13.4010102@joelhalpern.com> <4e6c0aaac8fb4aba87ab137cc49b51dc@CO2PR05MB636.namprd05.prod.outlook.com> <CAKFn1SH_gu1+e6EsWESBsRw9EGiSQ+Z5r9E7GEhMO1FdNuM9nQ@mail.gmail.com> <1a200c5f5de041fbaf88edd1a5c3159c@CO1PR05MB442.namprd05.prod.outlook.com>
Date: Wed, 14 May 2014 09:58:51 +0200
Message-ID: <CAKFn1SEAZyydpQ4cx77mthsUx1HZqMwsM6xNuL4LJjG=oL1mjw@mail.gmail.com>
From: Roger Jørgensen <rogerj@gmail.com>
To: Ronald Bonica <rbonica@juniper.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/lisp/6W-UYVuCO95NnUv8xGS9mCNwUqE
Cc: "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] Restarting last call on LISP threats

On Tue, May 13, 2014 at 7:31 PM, Ronald Bonica <rbonica@juniper.net> wrote:
> Hi Roger,
>
> Or asked more explicitly, can the level of security claimed by the threats document be achieved without implementing the protocol extensions described in lisp-sec and lisp-crypto?

I've been pondering what to answer you since yesterday, but I think
the reply from Joel covers it well. However, as an add-on to Joel and
partly a reply to your question, see more inline.


On Tue, May 13, 2014 at 11:56 PM, Joel M. Halpern <jmh@joelhalpern.com> wrote:
> Ron, I am having trouble with the question.
>
> The threats document describes the threats as they exist today, without the
> adoption of either document that Roger pointed to.  Thus, I do not see any
> dependence.
>
> If there is a threat that is not well described in the base spec or this
> document, then we should add it.  We should add it even if there are
> proposals to remediate it.  But if there is a clear proposal of a missing
> threat, I missed it.

Your question made me question the purpose of the LISP threats draft:
should it cover potential problems with RFC6830 and include pointers to
other work that covers them? That would mean we'll get a document
that will be updated over time, and is that a good thing?

The other way to look at the LISP threats document is to have it as a
"review" of RFC6830, pointing out weaknesses and discussing them but with no
references to other documents. It would be an upstream document that we
can refer to from, for example, the two drafts I mentioned.

I don't think LISP threats should point to the two drafts I mentioned, but
both drafts should have a reference to LISP threats, since this will
create a more stable threats document.



Then Dino mentioned:

On Tue, May 13, 2014 at 7:47 PM, Dino Farinacci <farinacci@gmail.com> wrote:
<snip>
> The main LISP spec (RFC6830) indicates if you want to trust the mapping system you can use the gleaned information as soon as you receive it. And if you don't trust the mapping system, you can send a "verifying Map-Request" to the mapping system which results in a signed Map-Reply returned ala draft-ietf-lisp-sec-06.


Is this covered in the document? I didn't see it, but it's still early here...



-- 

Roger Jorgensen           | ROJO9-RIPE
rogerj@gmail.com          | - IPv6 is The Key!
http://www.jorgensen.no   | roger@jorgensen.no
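The two trust modes Dino's quoted text describes (use gleaned mapping data immediately, or send a "verifying Map-Request" and only act on an authenticated Map-Reply) are modelled below as an added illustration. This is not code from the thread, from RFC6830 or from draft-ietf-lisp-sec: the dict-shaped messages, the HMAC over a constructed pre-shared key standing in for the lisp-sec mechanism, and the EID/RLOC values are all assumptions. The point it shows is what a cautious ITR must check before trusting a Map-Reply: that the nonce matches an outstanding request (against replay and unsolicited replies) and that the authentication tag verifies (against a forged RLOC).

```python
"""Toy model of gleaned vs. verified LISP mappings (added example, not RFC6830/lisp-sec code)."""
import hashlib
import hmac
import json
import os
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed pre-shared key; an assumption standing in for lisp-sec key material.
MAPPING_SYSTEM_KEY = b"constructed-shared-key"


def _auth_tag(key: bytes, reply: dict) -> str:
    """HMAC-SHA256 over the canonical reply fields (everything except the tag itself)."""
    body = json.dumps({k: v for k, v in reply.items() if k != "auth"}, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class MappingSystem:
    """Stand-in mapping system: answers a verifying Map-Request with an authenticated Map-Reply."""

    def __init__(self, key: bytes, mappings: Dict[str, str]):
        self.key = key
        self.mappings = mappings  # EID prefix -> RLOC (constructed values)

    def map_reply(self, request: dict) -> dict:
        reply = {"eid": request["eid"], "rloc": self.mappings[request["eid"]], "nonce": request["nonce"]}
        reply["auth"] = _auth_tag(self.key, reply)
        return reply


@dataclass
class MapEntry:
    rloc: str
    usable: bool    # may the ITR encapsulate to this RLOC right now?
    verified: bool  # did it come from an authenticated Map-Reply?


class ITR:
    """Ingress tunnel router with a map cache and a configurable trust policy."""

    def __init__(self, key: bytes, trust_mapping_system: bool):
        self.key = key
        self.trust = trust_mapping_system
        self.cache: Dict[str, MapEntry] = {}
        self.pending: Dict[str, str] = {}  # nonce -> EID awaiting a verifying Map-Reply

    def glean(self, eid: str, rloc: str) -> Optional[dict]:
        """Learn EID->RLOC from a received packet. Returns the verifying Map-Request
        that must be sent, or None when the gleaned mapping is accepted as-is."""
        if self.trust:
            self.cache[eid] = MapEntry(rloc, usable=True, verified=False)
            return None
        # Cautious mode: remember the hint but do not forward on it until verified.
        self.cache[eid] = MapEntry(rloc, usable=False, verified=False)
        nonce = os.urandom(8).hex()
        self.pending[nonce] = eid
        return {"eid": eid, "nonce": nonce}

    def install_map_reply(self, reply: dict) -> bool:
        """Accept a Map-Reply only if it answers an outstanding request and authenticates."""
        eid = self.pending.get(reply.get("nonce"))
        if eid is None or eid != reply.get("eid"):
            return False  # unsolicited, mismatched or replayed reply
        if not hmac.compare_digest(_auth_tag(self.key, reply), reply.get("auth", "")):
            return False  # forged or tampered reply; keep the cache untouched
        del self.pending[reply["nonce"]]  # each nonce is good for exactly one reply
        self.cache[eid] = MapEntry(reply["rloc"], usable=True, verified=True)
        return True

    def lookup(self, eid: str) -> Optional[str]:
        entry = self.cache.get(eid)
        return entry.rloc if entry and entry.usable else None


if __name__ == "__main__":
    ms = MappingSystem(MAPPING_SYSTEM_KEY, {"10.1.0.0/16": "192.0.2.1"})
    itr = ITR(MAPPING_SYSTEM_KEY, trust_mapping_system=False)
    req = itr.glean("10.1.0.0/16", "198.51.100.9")  # gleaned RLOC differs from the mapping system's
    print("usable before verification:", itr.lookup("10.1.0.0/16"))
    print("installed:", itr.install_map_reply(ms.map_reply(req)))
    print("usable after verification:", itr.lookup("10.1.0.0/16"))
```

The trusting ITR never generates a Map-Request, so a gleaned RLOC is used immediately; the cautious ITR keeps the gleaned hint unusable until the mapping system's authenticated answer replaces it, and a reply with a tampered RLOC or a reused nonce leaves the cache unchanged.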