Re: [lisp] Restarting last call on LISP threats

Ronald Bonica <rbonica@juniper.net> Tue, 13 May 2014 17:31 UTC

From: Ronald Bonica <rbonica@juniper.net>
To: Roger Jørgensen <rogerj@gmail.com>, Ross Callon <rcallon@juniper.net>
Date: Tue, 13 May 2014 17:31:45 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/lisp/GfGwE92o6a7C8rClqvvgVK2fg3U
Cc: "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] Restarting last call on LISP threats
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>

Hi Roger,

Or asked more explicitly, can the level of security claimed by the threats document be achieved without implementing the protocol extensions described in lisp-sec and lisp-crypto?

                                                          Ron


> -----Original Message-----
> From: Ronald Bonica
> Sent: Tuesday, May 13, 2014 1:22 PM
> To: 'Roger Jørgensen'; Ross Callon
> Cc: lisp@ietf.org
> Subject: RE: [lisp] Restarting last call on LISP threats
> 
> Hi Roger,
> 
> Can this draft stand on its own, without integrating content from the
> documents that you reference?
> 
>                                                                                              Ron
> 
> >
> > There exist two drafts that are relevant to what you address.
> >
> > You have https://datatracker.ietf.org/doc/draft-farinacci-lisp-crypto/
> > where the payload of a LISP encapsulated packet is encrypted. None of
> > the keys for encrypting/decrypting are stored in the mapping system
> > but are calculated by the xTRs involved.
> > Then you have https://datatracker.ietf.org/doc/draft-ietf-lisp-sec/
> > that attempts to secure the xTR to xTR relationship.
> >