[lisp] Fwd: I-D Action: draft-ietf-lisp-crypto-01.txt

Dino Farinacci <farinacci@gmail.com> Fri, 01 May 2015 23:04 UTC

Folks, this draft contains the following changes:

B.1.  Changes to draft-ietf-lisp-crypto-01.txt

   o  Posted May 2015.

   o  Create cipher suites and encode them in the Security LCAF.

   o  Add IV to beginning of packet header and ICV to end of packet.

   o  AEAD procedures are now part of encryption process.

And are based on detailed security expert comments from Watson Ladd and Ilari Liusvaara. Not to mention a new co-author Brian Weis, who has been working on security standards in the IETF and building security products for well over a decade.

I have done a prototype to test out IVs and ICVs and intend to do a full xTR implementation starting next week. I have also experimented with different Elliptic-Curve Diffie-Hellman groups and will do CPU utilization comparisons.

Thanks,
Dino

> Begin forwarded message:
> 
> From: internet-drafts@ietf.org
> Subject: [lisp] I-D Action: draft-ietf-lisp-crypto-01.txt
> Date: May 1, 2015 at 3:59:38 PM PDT
> To: <i-d-announce@ietf.org>
> Cc: lisp@ietf.org
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Locator/ID Separation Protocol Working Group of the IETF.
> 
>        Title           : LISP Data-Plane Confidentiality
>        Authors         : Dino Farinacci
>                          Brian Weis
>        Filename        : draft-ietf-lisp-crypto-01.txt
>        Pages           : 16
>        Date            : 2015-05-01
> 
> Abstract:
>   This document describes a mechanism for encrypting LISP encapsulated
>   traffic.  The design describes how key exchange is achieved using
>   existing LISP control-plane mechanisms as well as how to secure the
>   LISP data-plane from third-party surveillance attacks.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-lisp-crypto/
> 
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-lisp-crypto-01
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-lisp-crypto-01
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 