Re: [lisp] Roman Danyliw's Discuss on draft-ietf-lisp-6834bis-12: (with DISCUSS and COMMENT)

Roman Danyliw <rdd@cert.org> Wed, 13 July 2022 21:06 UTC

Return-Path: <rdd@cert.org>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34F2AC188735; Wed, 13 Jul 2022 14:06:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.906
X-Spam-Level:
X-Spam-Status: No, score=-6.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=seicmu.onmicrosoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EOgri0sunmAZ; Wed, 13 Jul 2022 14:06:03 -0700 (PDT)
Received: from USG02-BN3-obe.outbound.protection.office365.us (mail-bn3usg02on0106.outbound.protection.office365.us [23.103.208.106]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A915C1A5D0D; Wed, 13 Jul 2022 14:06:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=1Tl9pUf2LFMeCBemXLQCP0KjrFW8XSi4Y68WF22ZiB41pNlZUEUpbXc0PWZkaYLHjNGltRrEh+BDV6C5+KAHPlHEFLVu8di8rj9d1idqr7qpjNqQPFi/9KULAOSsYHy9gftVSdplJ8/yx3sMWPnhN7FU/RNpAfY7JPaXyUx+xPAHiuSQDZyQI9oQjKAoxx1kP4w8nybRvkpnYF2/vxWVBCQZhtMUOqzDMA6A0WkTjaIbQgiRSf4jCYzf0MbcWoq1TlzSl6eNi1cTxHZP2oIwh1EaMOIwSDUKy9wkwNULQmTZ/aKT0HAtNMBq/iBukfVs8XD3uGgMG3lR0DP730KqCQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TEWikJqn4Vrd7k5NA2abtALFtq3C+8blEt7oCPUEC08=; b=cgZ/U7p2An8NxJ3ED3eo2TP980KRGoCJ0kmBxdPuVM34OgyatjxFGEAa1dr0vv2Y/KGjhEYsL3W4j3XZ8RqXyfpdbHnxGDxwgEP/pPllKy6J9NvJOsSCVYBd+/8Xz0Fmi6gFktEe4MZ4ql77c3jdWEL8WbK94AQIj32O6D14OzMC05IEcpcBDOZCGc1pGrVJmfRJ01hgLqV1p6lhYg3kskTKhWxoTET+CalJB2DiphJwe/MYsVomcsSg9HAS/Ud/woxqirXIMiF1CTmMxlE9s5GlreaVKDiByIAfN078GkSIw/u99Bpj+pmTEwJxMeU3zPIKkjIhrBxWQAx4yruLng==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cert.org; dmarc=pass action=none header.from=cert.org; dkim=pass header.d=cert.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seicmu.onmicrosoft.com; s=selector1-seicmu-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TEWikJqn4Vrd7k5NA2abtALFtq3C+8blEt7oCPUEC08=; b=MhkR8HsUC9wdevA7ZRXdEMTOl7NPwLPx0a8SdVgH2NxMPwixVS+b3ZjDSvB0vlrN1mH0tOJICtCSfRwReUCyAK+2R85yJD//Sb9MEN5JYdNwTZFUv8ys39HU5wFmgBLilCYKr2NMP4Gbg1cGfB33qLNvCB4MnJ7dLS8O4LVNA/Y=
Received: from BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:168::11) by BN2P110MB1256.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:17a::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5417.25; Wed, 13 Jul 2022 21:05:58 +0000
Received: from BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM ([fe80::61c5:afc3:7804:7d27]) by BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM ([fe80::61c5:afc3:7804:7d27%3]) with mapi id 15.20.5417.026; Wed, 13 Jul 2022 21:05:58 +0000
From: Roman Danyliw <rdd@cert.org>
To: Luigi Iannone <ggx@gigix.net>
CC: The IESG <iesg@ietf.org>, "draft-ietf-lisp-6834bis@ietf.org" <draft-ietf-lisp-6834bis@ietf.org>, "lisp-chairs@ietf.org" <lisp-chairs@ietf.org>, "lisp@ietf.org list" <lisp@ietf.org>, Padma Pillay-Esnault <padma.ietf@gmail.com>
Thread-Topic: Roman Danyliw's Discuss on draft-ietf-lisp-6834bis-12: (with DISCUSS and COMMENT)
Thread-Index: AQHYdekheX/3Y9v+sE+8zDz4NaGS+607/1sAgEENXWA=
Date: Wed, 13 Jul 2022 21:05:58 +0000
Message-ID: <BN2P110MB1107B85D366737C039821BAFDC899@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
References: <165410969249.3358.8914059517324092461@ietfa.amsl.com> <ACF25D3F-DF8B-44E9-9C6B-0753ACB163A8@gigix.net>
In-Reply-To: <ACF25D3F-DF8B-44E9-9C6B-0753ACB163A8@gigix.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cert.org;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ab0da0b2-ba45-4aef-f08c-08da65137c14
x-ms-traffictypediagnostic: BN2P110MB1256:EE_
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: EkJjyge57+5nJrAfWK7IaFXXrIHF/XzqVFWc6SD4IoQE/UFfvF32FcCapnVQ1+PUaiXU0hqhVcCAf3wu0m3cfjvvWXEivoy8Wij3bJ2rW3rjYSgY7R6x2pmOATAL0lVT5asR0E6E0Qx8/F6mCZ1ULTqg8PZ8IKcxdX8IgyJe5FdNZZ2BuQjUFaIwlcl+jvAQxIYGpFDNel/uhqv0jPGj8Y9pWFNiNoitzHKvSHKxt/aWPiOyaJ2UEh576JnuRQ8Zd2kxTHxgdMxsxv2d02kkJ+wXlqf4us9++OSgoK9dMAeCO3dSncXXfiXRj9wZqv3pVD5y1ST3v5eGLF80czDgD4MWjIfH6ba/D7yj5g5l0iIY9nhPyFUMtY2HXTRM/V/QaGkD6TYXK06tZtTBGG9vfFXA9IKvw3Fc42fpltDI3p03g+spnW+5Jwug6pEqpnQt3Ec/1u37Po46eniZ5THDLfkuiTrItNWUgSecpQ734f+Ok51srwjfoBTUTOvFB8hzeAnEmRJjngtmAXbRPJ6cv5D2eRrLoNzGnCjX06MbsdNubMgZMyFSCeM7YtWOeqUCpQ22sYzoy0979ChbFwKhyLxByVH9KP5Dwbqf4ozM2aeUCwdefW7iqu5KWkjmZXrekmBU/89YgbXwqbGIlamWXfZYw7pD+pBIk8H7jr32MsPgUM40JESX6HXWPSouXc6OrNIcNIHuR63+YsR1TjeorMt2F1KVCywvjal0U6Tz5AcwDJ7aDgkBP5vikYdWqDcN
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230016)(366004)(55016003)(83380400001)(66574015)(122000001)(86362001)(82960400001)(166002)(33656002)(38070700005)(38100700002)(8936002)(5660300002)(498600001)(52536014)(2906002)(966005)(6916009)(54906003)(71200400001)(4326008)(64756008)(8676002)(76116006)(66556008)(66476007)(66446008)(186003)(66946007)(53546011)(9686003)(26005)(6506007)(7696005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: eEMez2RefGQKZyRTf/yRZ5v7Kz1V72N7hwa8hfOPVK7Lc1wraXm3o7gpmQfTbSB+SL3a6pTKWOQqVxEMQOYq3lwB7dt0OFEt+p0LhJfAxuH6goW2B8UF3+fN4z4TCRt7Wo1pvs/NY4TVrn1m1sDwcfOo0WfQZ5BTrPxE/abO1HxFM3gVh/DzUdD0eoJFq4OieJ72IsaijIuz18cno0DX7e6W/GG2CRkZ+ELgTbcBrcWSze3quv0I/H6i2YIEWm0QfnCeWqLu5gqieAhj85+YhOQC8M+OVVsrAZEQhI2416RcWusWPyTBI9BviOOjDEYM5Zw2Rv3snjRg3meDBdobtRyVMqyKRWSWU7INH3D5Pp3WuXJDkSTwTqdmUPTibG/JI6/pzF+vjz4mATezlKG3D5UEVyADGAY15yGEXOjYYlo=
Content-Type: multipart/alternative; boundary="_000_BN2P110MB1107B85D366737C039821BAFDC899BN2P110MB1107NAMP_"
MIME-Version: 1.0
X-OriginatorOrg: cert.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: ab0da0b2-ba45-4aef-f08c-08da65137c14
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Jul 2022 21:05:58.6408 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 95a9dce2-04f2-4043-995d-1ec3861911c6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN2P110MB1256
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/rlj1Qh3N0pVVDcr_4ZTbqa9w74s>
Subject: Re: [lisp] Roman Danyliw's Discuss on draft-ietf-lisp-6834bis-12: (with DISCUSS and COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jul 2022 21:06:07 -0000

Hi Luigi!

Thanks for the updated text in -13/-14.  It addresses my DISCUSS feedback.  I’ve cleared m ballot.

Roman

From: Luigi Iannone <ggx@gigix.net>
Sent: Thursday, June 2, 2022 7:41 AM
To: Roman Danyliw <rdd@cert.org>
Cc: The IESG <iesg@ietf.org>rg>; draft-ietf-lisp-6834bis@ietf.org; lisp-chairs@ietf.org; lisp@ietf.org list <lisp@ietf.org>rg>; Padma Pillay-Esnault <padma.ietf@gmail.com>
Subject: Re: Roman Danyliw's Discuss on draft-ietf-lisp-6834bis-12: (with DISCUSS and COMMENT)

Hi Roman,

Thank you very much for your review.

Please see my comments inline.


On 1 Jun 2022, at 20:54, Roman Danyliw via Datatracker <noreply@ietf.org<mailto:noreply@ietf.org>> wrote:

Roman Danyliw has entered the following ballot position for
draft-ietf-lisp-6834bis-12: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-lisp-6834bis/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

On the -11 document, I initial wrote the following: The SECDIR review by Donald
Eastlake asked about handling roll-over/wrap-around of the Map Version Number.
Specifically, can a “Map Version Number advance[e] … so quickly that an old
version number is encountered that appears to be newer than or equal to the
current version number. Why can't this happen? Or if it can, why doesn't that
hurt?”  It would appear that a number of the conclusions of the ITR or ETR on
arriving packets in Section 7.1 and 7.2 wouldn’t be correct.

I then saw the -12 document published on June 1 which added the following text
to Section 7:
  Map Version Number incrementing
  and mappings' TTL MUST be managed so that an old version number will
  not be confused as a new version number.

Thank you for adding this text.  Practically, this identifies the desired
intent, but doesn’t seem describe the mechanics.

Yes, you are right. We were discussing this with Donald and Alvaro as well.



 Can more be said about how
this confusion will be mitigated at the ITR/ETRs?  I also don't follow how to
use the TTLs here.

In revision -13 the previous text has been changed in:

Mapping updates, and their corresponding Map Version Number must be managed so that a very old version number will not be confused as a new version number (because of the circular numbering space). To this end simple measures can be taken, like updating a mapping only when all active traffic is using the latest version, or waiting sufficient time to be sure that mapping in LISP caches expire, which means waiting at least as much as the mapping Time-To-Live (as defined in <xref target="I-D.ietf-lisp-rfc6833bis"/>).

Do you consider this text enough?



Consider the situation that Donald noted where the Map Version advanced so
quickly that it wraps around so that:

(a) the new Map Version Number value equals the old Map Version Number.  If one
followed the guidance in Section 7.1 of:
  1.  The packet arrives with the same Dest Map-Version number stored
      in the EID-to-RLOC Database.  This is the regular case.  The ITR
      sending the packet has in its EID-to-RLOC Map-Cache an up-to-date
      mapping.  No further actions are needed.

It would seem that the ITR wouldn’t do a Map-Request and would misroute the
packet based on the old mapping.

That is correct.
But if you operate as suggested in the new text this situation will not happen.




(b) the new Map Version Number is now smaller (but in fact fresher/newer)  If
one followed the guidance of Section 7.1. of:

3.  The packets arrive with a Dest Map-Version number smaller (i.e.,
      older) than the one stored in the EID-to-RLOC Database.  This
      means that the ITR sending the packet has an old mapping in its
      EID-to-RLOC Map-Cache containing stale information.

Per bullet #3, if there was wrap-around would the ITR in fact be sending stale
mapping information?

This is just me overlooking previous comments.
The text should be in the same form as the second bullet.
In revision -13 it is now:

The packet arrives with a Dest Map-Version number older (as
       defined in Section 6) than the one stored in the EID-to-RLOC
       Database.






----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you to Donald Eastlake for the SECDIR review.

I support Paul Wouter’s DISCUSS position.

IMO that DISCUSS was fixed in revision -12 already.
I copy at the end of this mail my answer to Paul (I did not receive anything back from him yet).

Thanks again.

Please let me know if revision -13 addresses your concerns.

Ciao

Luigi

-----------------
Hi Paul,

I understand the concerns, but I think you did not read revision -12 of the document.
Please see inline.


On 1 Jun 2022, at 17:43, Paul Wouters via Datatracker <noreply@ietf.org<mailto:noreply@ietf.org>> wrote:

Paul Wouters has entered the following ballot position for
draft-ietf-lisp-6834bis-12: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-lisp-6834bis/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Changed my comments to a DISCUSS, as Donald Eastlake also pointed these out in
his secdir review, and I am now convinced we need better text to address this.

#1  map-version rollover is defined (to skip the 0 version) but I also see:

The packet arrives with a Dest Map-Version number greater (i.e.,
      newer) than the one stored in the EID-to-RLOC Database.  Since
      the ETR is authoritative on the mapping, meaning that the Map-
      Version number of its mapping is the correct one

This would imply rollover to a smaller number is not expected to occur ?

The text is now:


The packet arrives with a Dest Map-Version number newer (as

       defined in Section 6<https://datatracker.ietf.org/doc/html/draft-ietf-lisp-6834bis-12#section-6>) than the one stored in the EID-to-RLOC

       Database.  Since the ETR is authoritative on the mapping, meaning

       that the Map-Version number of its mapping is the correct one,

       this implies that someone is not behaving correctly with respect

       to the specifications.  In this case, the packet carries a

       version number that is not valid and packet MUST be silently

       dropped.





#2 MUST NOT or SHOULD ?

Map-Versioning MUST NOT be used over the public Internet and SHOULD only be
used in trusted and closed deployments.

This sentence seems to contradict itself. I would turn the SHOULD into a MUST

The first paragraph of Section 8 “Security Considerations” is now:


 This document builds on the specification and operation of the LISP

   control and data planes.  The Security Considerations of

   [I-D.ietf-lisp-rfc6830bis<https://datatracker.ietf.org/doc/html/draft-ietf-lisp-6834bis-12#ref-I-D.ietf-lisp-rfc6830bis>] and [I-D.ietf-lisp-rfc6833bis<https://datatracker.ietf.org/doc/html/draft-ietf-lisp-6834bis-12#ref-I-D.ietf-lisp-rfc6833bis>] apply and,

   as such, Map-Versioning MUST NOT be used over the public Internet and

   MUST only be used in trusted and closed deployments.  A thorough

   security analysis of LISP is documented in [RFC7835<https://datatracker.ietf.org/doc/html/rfc7835>]5>].


As you can see the SHOULD is already changed in a MUST.


Do you consider that the above address your concerns?

Ciao

L.