Re: [lisp] Roman Danyliw's Discuss on draft-ietf-lisp-6834bis-12: (with DISCUSS and COMMENT)
Roman Danyliw <rdd@cert.org> Wed, 13 July 2022 21:06 UTC
Return-Path: <rdd@cert.org>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34F2AC188735; Wed, 13 Jul 2022 14:06:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.906
X-Spam-Level:
X-Spam-Status: No, score=-6.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=seicmu.onmicrosoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EOgri0sunmAZ; Wed, 13 Jul 2022 14:06:03 -0700 (PDT)
Received: from USG02-BN3-obe.outbound.protection.office365.us (mail-bn3usg02on0106.outbound.protection.office365.us [23.103.208.106]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A915C1A5D0D; Wed, 13 Jul 2022 14:06:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=1Tl9pUf2LFMeCBemXLQCP0KjrFW8XSi4Y68WF22ZiB41pNlZUEUpbXc0PWZkaYLHjNGltRrEh+BDV6C5+KAHPlHEFLVu8di8rj9d1idqr7qpjNqQPFi/9KULAOSsYHy9gftVSdplJ8/yx3sMWPnhN7FU/RNpAfY7JPaXyUx+xPAHiuSQDZyQI9oQjKAoxx1kP4w8nybRvkpnYF2/vxWVBCQZhtMUOqzDMA6A0WkTjaIbQgiRSf4jCYzf0MbcWoq1TlzSl6eNi1cTxHZP2oIwh1EaMOIwSDUKy9wkwNULQmTZ/aKT0HAtNMBq/iBukfVs8XD3uGgMG3lR0DP730KqCQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TEWikJqn4Vrd7k5NA2abtALFtq3C+8blEt7oCPUEC08=; b=cgZ/U7p2An8NxJ3ED3eo2TP980KRGoCJ0kmBxdPuVM34OgyatjxFGEAa1dr0vv2Y/KGjhEYsL3W4j3XZ8RqXyfpdbHnxGDxwgEP/pPllKy6J9NvJOsSCVYBd+/8Xz0Fmi6gFktEe4MZ4ql77c3jdWEL8WbK94AQIj32O6D14OzMC05IEcpcBDOZCGc1pGrVJmfRJ01hgLqV1p6lhYg3kskTKhWxoTET+CalJB2DiphJwe/MYsVomcsSg9HAS/Ud/woxqirXIMiF1CTmMxlE9s5GlreaVKDiByIAfN078GkSIw/u99Bpj+pmTEwJxMeU3zPIKkjIhrBxWQAx4yruLng==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cert.org; dmarc=pass action=none header.from=cert.org; dkim=pass header.d=cert.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seicmu.onmicrosoft.com; s=selector1-seicmu-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TEWikJqn4Vrd7k5NA2abtALFtq3C+8blEt7oCPUEC08=; b=MhkR8HsUC9wdevA7ZRXdEMTOl7NPwLPx0a8SdVgH2NxMPwixVS+b3ZjDSvB0vlrN1mH0tOJICtCSfRwReUCyAK+2R85yJD//Sb9MEN5JYdNwTZFUv8ys39HU5wFmgBLilCYKr2NMP4Gbg1cGfB33qLNvCB4MnJ7dLS8O4LVNA/Y=
Received: from BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:168::11) by BN2P110MB1256.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:17a::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5417.25; Wed, 13 Jul 2022 21:05:58 +0000
Received: from BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM ([fe80::61c5:afc3:7804:7d27]) by BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM ([fe80::61c5:afc3:7804:7d27%3]) with mapi id 15.20.5417.026; Wed, 13 Jul 2022 21:05:58 +0000
From: Roman Danyliw <rdd@cert.org>
To: Luigi Iannone <ggx@gigix.net>
CC: The IESG <iesg@ietf.org>, "draft-ietf-lisp-6834bis@ietf.org" <draft-ietf-lisp-6834bis@ietf.org>, "lisp-chairs@ietf.org" <lisp-chairs@ietf.org>, "lisp@ietf.org list" <lisp@ietf.org>, Padma Pillay-Esnault <padma.ietf@gmail.com>
Thread-Topic: Roman Danyliw's Discuss on draft-ietf-lisp-6834bis-12: (with DISCUSS and COMMENT)
Thread-Index: AQHYdekheX/3Y9v+sE+8zDz4NaGS+607/1sAgEENXWA=
Date: Wed, 13 Jul 2022 21:05:58 +0000
Message-ID: <BN2P110MB1107B85D366737C039821BAFDC899@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
References: <165410969249.3358.8914059517324092461@ietfa.amsl.com> <ACF25D3F-DF8B-44E9-9C6B-0753ACB163A8@gigix.net>
In-Reply-To: <ACF25D3F-DF8B-44E9-9C6B-0753ACB163A8@gigix.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cert.org;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ab0da0b2-ba45-4aef-f08c-08da65137c14
x-ms-traffictypediagnostic: BN2P110MB1256:EE_
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: EkJjyge57+5nJrAfWK7IaFXXrIHF/XzqVFWc6SD4IoQE/UFfvF32FcCapnVQ1+PUaiXU0hqhVcCAf3wu0m3cfjvvWXEivoy8Wij3bJ2rW3rjYSgY7R6x2pmOATAL0lVT5asR0E6E0Qx8/F6mCZ1ULTqg8PZ8IKcxdX8IgyJe5FdNZZ2BuQjUFaIwlcl+jvAQxIYGpFDNel/uhqv0jPGj8Y9pWFNiNoitzHKvSHKxt/aWPiOyaJ2UEh576JnuRQ8Zd2kxTHxgdMxsxv2d02kkJ+wXlqf4us9++OSgoK9dMAeCO3dSncXXfiXRj9wZqv3pVD5y1ST3v5eGLF80czDgD4MWjIfH6ba/D7yj5g5l0iIY9nhPyFUMtY2HXTRM/V/QaGkD6TYXK06tZtTBGG9vfFXA9IKvw3Fc42fpltDI3p03g+spnW+5Jwug6pEqpnQt3Ec/1u37Po46eniZ5THDLfkuiTrItNWUgSecpQ734f+Ok51srwjfoBTUTOvFB8hzeAnEmRJjngtmAXbRPJ6cv5D2eRrLoNzGnCjX06MbsdNubMgZMyFSCeM7YtWOeqUCpQ22sYzoy0979ChbFwKhyLxByVH9KP5Dwbqf4ozM2aeUCwdefW7iqu5KWkjmZXrekmBU/89YgbXwqbGIlamWXfZYw7pD+pBIk8H7jr32MsPgUM40JESX6HXWPSouXc6OrNIcNIHuR63+YsR1TjeorMt2F1KVCywvjal0U6Tz5AcwDJ7aDgkBP5vikYdWqDcN
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230016)(366004)(55016003)(83380400001)(66574015)(122000001)(86362001)(82960400001)(166002)(33656002)(38070700005)(38100700002)(8936002)(5660300002)(498600001)(52536014)(2906002)(966005)(6916009)(54906003)(71200400001)(4326008)(64756008)(8676002)(76116006)(66556008)(66476007)(66446008)(186003)(66946007)(53546011)(9686003)(26005)(6506007)(7696005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: eEMez2RefGQKZyRTf/yRZ5v7Kz1V72N7hwa8hfOPVK7Lc1wraXm3o7gpmQfTbSB+SL3a6pTKWOQqVxEMQOYq3lwB7dt0OFEt+p0LhJfAxuH6goW2B8UF3+fN4z4TCRt7Wo1pvs/NY4TVrn1m1sDwcfOo0WfQZ5BTrPxE/abO1HxFM3gVh/DzUdD0eoJFq4OieJ72IsaijIuz18cno0DX7e6W/GG2CRkZ+ELgTbcBrcWSze3quv0I/H6i2YIEWm0QfnCeWqLu5gqieAhj85+YhOQC8M+OVVsrAZEQhI2416RcWusWPyTBI9BviOOjDEYM5Zw2Rv3snjRg3meDBdobtRyVMqyKRWSWU7INH3D5Pp3WuXJDkSTwTqdmUPTibG/JI6/pzF+vjz4mATezlKG3D5UEVyADGAY15yGEXOjYYlo=
Content-Type: multipart/alternative; boundary="_000_BN2P110MB1107B85D366737C039821BAFDC899BN2P110MB1107NAMP_"
MIME-Version: 1.0
X-OriginatorOrg: cert.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: ab0da0b2-ba45-4aef-f08c-08da65137c14
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Jul 2022 21:05:58.6408 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 95a9dce2-04f2-4043-995d-1ec3861911c6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN2P110MB1256
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/rlj1Qh3N0pVVDcr_4ZTbqa9w74s>
Subject: Re: [lisp] Roman Danyliw's Discuss on draft-ietf-lisp-6834bis-12: (with DISCUSS and COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jul 2022 21:06:07 -0000
Hi Luigi! Thanks for the updated text in -13/-14. It addresses my DISCUSS feedback. I’ve cleared m ballot. Roman From: Luigi Iannone <ggx@gigix.net> Sent: Thursday, June 2, 2022 7:41 AM To: Roman Danyliw <rdd@cert.org> Cc: The IESG <iesg@ietf.org>; draft-ietf-lisp-6834bis@ietf.org; lisp-chairs@ietf.org; lisp@ietf.org list <lisp@ietf.org>; Padma Pillay-Esnault <padma.ietf@gmail.com> Subject: Re: Roman Danyliw's Discuss on draft-ietf-lisp-6834bis-12: (with DISCUSS and COMMENT) Hi Roman, Thank you very much for your review. Please see my comments inline. On 1 Jun 2022, at 20:54, Roman Danyliw via Datatracker <noreply@ietf.org<mailto:noreply@ietf.org>> wrote: Roman Danyliw has entered the following ballot position for draft-ietf-lisp-6834bis-12: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-lisp-6834bis/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- On the -11 document, I initial wrote the following: The SECDIR review by Donald Eastlake asked about handling roll-over/wrap-around of the Map Version Number. Specifically, can a “Map Version Number advance[e] … so quickly that an old version number is encountered that appears to be newer than or equal to the current version number. Why can't this happen? Or if it can, why doesn't that hurt?” It would appear that a number of the conclusions of the ITR or ETR on arriving packets in Section 7.1 and 7.2 wouldn’t be correct. I then saw the -12 document published on June 1 which added the following text to Section 7: Map Version Number incrementing and mappings' TTL MUST be managed so that an old version number will not be confused as a new version number. Thank you for adding this text. Practically, this identifies the desired intent, but doesn’t seem describe the mechanics. Yes, you are right. We were discussing this with Donald and Alvaro as well. Can more be said about how this confusion will be mitigated at the ITR/ETRs? I also don't follow how to use the TTLs here. In revision -13 the previous text has been changed in: Mapping updates, and their corresponding Map Version Number must be managed so that a very old version number will not be confused as a new version number (because of the circular numbering space). To this end simple measures can be taken, like updating a mapping only when all active traffic is using the latest version, or waiting sufficient time to be sure that mapping in LISP caches expire, which means waiting at least as much as the mapping Time-To-Live (as defined in <xref target="I-D.ietf-lisp-rfc6833bis"/>). Do you consider this text enough? Consider the situation that Donald noted where the Map Version advanced so quickly that it wraps around so that: (a) the new Map Version Number value equals the old Map Version Number. If one followed the guidance in Section 7.1 of: 1. The packet arrives with the same Dest Map-Version number stored in the EID-to-RLOC Database. This is the regular case. The ITR sending the packet has in its EID-to-RLOC Map-Cache an up-to-date mapping. No further actions are needed. It would seem that the ITR wouldn’t do a Map-Request and would misroute the packet based on the old mapping. That is correct. But if you operate as suggested in the new text this situation will not happen. (b) the new Map Version Number is now smaller (but in fact fresher/newer) If one followed the guidance of Section 7.1. of: 3. The packets arrive with a Dest Map-Version number smaller (i.e., older) than the one stored in the EID-to-RLOC Database. This means that the ITR sending the packet has an old mapping in its EID-to-RLOC Map-Cache containing stale information. Per bullet #3, if there was wrap-around would the ITR in fact be sending stale mapping information? This is just me overlooking previous comments. The text should be in the same form as the second bullet. In revision -13 it is now: The packet arrives with a Dest Map-Version number older (as defined in Section 6) than the one stored in the EID-to-RLOC Database. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you to Donald Eastlake for the SECDIR review. I support Paul Wouter’s DISCUSS position. IMO that DISCUSS was fixed in revision -12 already. I copy at the end of this mail my answer to Paul (I did not receive anything back from him yet). Thanks again. Please let me know if revision -13 addresses your concerns. Ciao Luigi ----------------- Hi Paul, I understand the concerns, but I think you did not read revision -12 of the document. Please see inline. On 1 Jun 2022, at 17:43, Paul Wouters via Datatracker <noreply@ietf.org<mailto:noreply@ietf.org>> wrote: Paul Wouters has entered the following ballot position for draft-ietf-lisp-6834bis-12: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-lisp-6834bis/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Changed my comments to a DISCUSS, as Donald Eastlake also pointed these out in his secdir review, and I am now convinced we need better text to address this. #1 map-version rollover is defined (to skip the 0 version) but I also see: The packet arrives with a Dest Map-Version number greater (i.e., newer) than the one stored in the EID-to-RLOC Database. Since the ETR is authoritative on the mapping, meaning that the Map- Version number of its mapping is the correct one This would imply rollover to a smaller number is not expected to occur ? The text is now: The packet arrives with a Dest Map-Version number newer (as defined in Section 6<https://datatracker.ietf.org/doc/html/draft-ietf-lisp-6834bis-12#section-6>) than the one stored in the EID-to-RLOC Database. Since the ETR is authoritative on the mapping, meaning that the Map-Version number of its mapping is the correct one, this implies that someone is not behaving correctly with respect to the specifications. In this case, the packet carries a version number that is not valid and packet MUST be silently dropped. #2 MUST NOT or SHOULD ? Map-Versioning MUST NOT be used over the public Internet and SHOULD only be used in trusted and closed deployments. This sentence seems to contradict itself. I would turn the SHOULD into a MUST The first paragraph of Section 8 “Security Considerations” is now: This document builds on the specification and operation of the LISP control and data planes. The Security Considerations of [I-D.ietf-lisp-rfc6830bis<https://datatracker.ietf.org/doc/html/draft-ietf-lisp-6834bis-12#ref-I-D.ietf-lisp-rfc6830bis>] and [I-D.ietf-lisp-rfc6833bis<https://datatracker.ietf.org/doc/html/draft-ietf-lisp-6834bis-12#ref-I-D.ietf-lisp-rfc6833bis>] apply and, as such, Map-Versioning MUST NOT be used over the public Internet and MUST only be used in trusted and closed deployments. A thorough security analysis of LISP is documented in [RFC7835<https://datatracker.ietf.org/doc/html/rfc7835>]. As you can see the SHOULD is already changed in a MUST. Do you consider that the above address your concerns? Ciao L.
- [lisp] Roman Danyliw's Discuss on draft-ietf-lisp… Roman Danyliw via Datatracker
- Re: [lisp] Roman Danyliw's Discuss on draft-ietf-… Luigi Iannone
- Re: [lisp] Roman Danyliw's Discuss on draft-ietf-… Alvaro Retana
- Re: [lisp] Roman Danyliw's Discuss on draft-ietf-… Roman Danyliw