[lisp] Comments on draft-ietf-lisp-eid-anonymity-00
"Rene 'Renne' Bartsch, B.Sc. Informatics" <ietf@bartschnet.de> Wed, 25 October 2017 07:41 UTC
Return-Path: <ietf@bartschnet.de>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9099113A5A3 for <lisp@ietfa.amsl.com>; Wed, 25 Oct 2017 00:41:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TLeXwhaLJ_E9 for <lisp@ietfa.amsl.com>; Wed, 25 Oct 2017 00:41:10 -0700 (PDT)
Received: from mail.core-networks.de (mail.core-networks.de [IPv6:2001:1bc0:d::4:9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5C89139950 for <lisp@ietf.org>; Wed, 25 Oct 2017 00:41:09 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.core-networks.de id 1e7GJG-0001iN-QY with ESMTPSA (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) for lisp@ietf.org; Wed, 25 Oct 2017 09:41:08 +0200
To: IETF <lisp@ietf.org>
From: "Rene 'Renne' Bartsch, B.Sc. Informatics" <ietf@bartschnet.de>
Message-ID: <c3cca9bd-ef06-2175-c31c-5fb53cd33195@bartschnet.de>
Date: Wed, 25 Oct 2017 09:41:06 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: de-DE
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/Awljtj-ebY4XyMr43b54b25ZyJI>
Subject: [lisp] Comments on draft-ietf-lisp-eid-anonymity-00
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Oct 2017 07:41:12 -0000
Hi,
'draft-ietf-lisp-eid-anonymity-00' does not mention any authentication
of the LISP-nodes/xTRs with the map-servers.
That way a Man-In-The-Middle-Attack can be run by sending bogus
map-requests with the MITM-attacker's RLOCs.
I suggest to allow only CGA-addresses.
Benefits:
1. Privacy: Dynamic eEIDs by re-keying
2. Reachability: Static eEIDs by static key-pairs allow direct
connections without third-party services relaying (e.g. Facebook ;-) )
3. Security:
1. Signed map-requests
2. eEID-based authentication/authorization with static keypairs
facilitates administration
(e.g. road-warrior authentication/authorization can be done with
a firewall by eEID filtering
without any upper-layer authentication/authorization like
usernames/passwords involved)
Privacy/security considerations:
1. Don't use dynamic and static eEIDs on the same RLOC!
2. Always use payload encryption to avoid deanonymisation by
Deep-Packet-Inspection
Regards,
Renne
- [lisp] Comments on draft-ietf-lisp-eid-anonymity-… Rene 'Renne' Bartsch, B.Sc. Informatics
- Re: [lisp] Comments on draft-ietf-lisp-eid-anonym… Dino Farinacci