Re: [lisp] Virtual meeting

"Alberto Rodriguez Natal (natal)" <natal@cisco.com> Wed, 18 March 2020 03:56 UTC

From: "Alberto Rodriguez Natal (natal)" <natal@cisco.com>
To: Joel Halpern Direct <jmh.direct@joelhalpern.com>
CC: "lisp@ietf.org" <lisp@ietf.org>
Date: Wed, 18 Mar 2020 03:56:17 +0000
Message-ID: <613F569E-6FCF-4363-A60A-CB14C6459FE2@cisco.com>
References: <bf751274-3d10-4675-40ff-0876b968ec58@joelhalpern.com> <EB8728FF-8299-4915-81C0-7A414E1A1735@gmail.com> <b2bf2e7c-9535-e6b2-51ff-dc922c875fb7@joelhalpern.com> <F0929D9F-2726-48AF-90E0-9242A5898F4C@gmail.com> <e995cd58-3504-c7b4-a970-f55550e3829b@joelhalpern.com> <0310FDA2-6AE2-472B-82A7-D38039F64DDB@cisco.com> <293fbb16-75c4-bb79-e183-eaf781b696e3@joelhalpern.com>
In-Reply-To: <293fbb16-75c4-bb79-e183-eaf781b696e3@joelhalpern.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/L4diucGEMjgBiHEoDjaGPXPfi-E>
Subject: Re: [lisp] Virtual meeting
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>

Thanks Joel, I've tried to summarize my line of thought below. There may be other aspects I'm missing.

In traditional LISP, there is some shared state between a Map-Server and an ETR in order to validate Map-Notifies. First, for integrity protection, Map-Notifies include some authentication data generated using a shared key between the Map-Server and the ETR. Second, to protect against replay attacks, the nonce used in the Map-Register/Map-Notify exchange is incremented over time. This requires that both the Map-Server and the ETR are in sync regarding the shared key and incremental nonce.

PubSub introduces a new protocol operation where a Map-Server can send Map-Notify messages to ITRs. This departs from the traditional ETR-MS relationship stated above and introduces a few questions. How to keep a shared key at scale between ITRs and a Map-Server? The ratio of ITRs-to-MS is potentially orders of magnitude bigger than the ratio of ETRs-to-MS; are shared keys even feasible? Besides, how to handle the nonce increment when the ITR is also an ETR? Do we need to keep track of two Map-Notify nonces, one for the Map-Register exchange and another for PubSub operation?

Thanks,
Alberto

On 3/16/20, 11:24 AM, "Joel Halpern Direct" <jmh.direct@joelhalpern.com> wrote:

    Thank you Alberto.  To see if folks want to engage on the topic, could 
    you write a short email describing the question and, if you can, some of 
    the things that you would like to discuss?
    
    Folks, let's be clear.  I do expect we will have a virtual interim. 
    Maybe even more than one.  I would really like to see groundwork on the 
    email list so that any request by the chairs for folks to make time is 
    for more than just some presentations.
    
    Thank you,
    Joel
    
    On 3/16/2020 2:15 PM, Alberto Rodriguez Natal (natal) wrote:
    > Joel, all,
    > 
    > I'm in favor of having a virtual interim meeting. One of the points that I have on my personal list of "things to discuss when we have time" is the aspect of (unsolicited) Map-Notifies on PubSub. I think it can benefit from some deeper discussion with the WG regarding nonces, security associations, ITR-MS relationship, etc. If the WG is up to it, I can bring the topic for discussion and get some opinions on an interim.
    > 
    > Thanks,
    > Alberto
    >      
    >
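
Added example, not part of the original message or of any LISP specification: a simplified receiver-side model of the two checks described in the thread (authentication data computed with a shared key, and an incrementing nonce for replay protection), run once with a single nonce counter and once with separate counters for the Map-Register and PubSub exchanges. The message layout, the `exchange` label bound into the HMAC, the key and the sample traffic are all constructed assumptions, not the LISP wire format.

```python
import hashlib
import hmac

def auth_data(key: bytes, exchange: str, nonce: int, body: bytes) -> bytes:
    """HMAC-SHA-256 over exchange | nonce | body (assumed layout, not the LISP wire format)."""
    msg = exchange.encode() + b"|" + nonce.to_bytes(8, "big") + b"|" + body
    return hmac.new(key, msg, hashlib.sha256).digest()

class NotifyReceiver:
    """Validates Map-Notify-like messages against a shared key and an incrementing nonce."""

    def __init__(self, key: bytes, per_exchange: bool):
        self.key = key
        self.per_exchange = per_exchange
        self.highest = {}  # counter name -> highest nonce accepted so far

    def accept(self, exchange: str, nonce: int, body: bytes, tag: bytes) -> str:
        # Integrity first: constant-time comparison of the authentication data.
        if not hmac.compare_digest(auth_data(self.key, exchange, nonce, body), tag):
            return "bad-auth"
        # Replay protection: the nonce must move forward within its counter.
        counter = exchange if self.per_exchange else "shared"
        if nonce <= self.highest.get(counter, -1):
            return "replay"
        self.highest[counter] = nonce
        return "ok"

def run(per_exchange: bool) -> list:
    key = b"constructed-demo-key"
    rx = NotifyReceiver(key, per_exchange)
    # Constructed traffic: the register exchange is at nonce 41-42, while the
    # PubSub exchange started later and is only at nonce 7.
    traffic = [
        ("register", 41, b"eid=10.0.0.0/24 rloc=192.0.2.1"),
        ("pubsub", 7, b"eid=10.1.0.0/24 rloc=192.0.2.9"),
        ("register", 41, b"eid=10.0.0.0/24 rloc=192.0.2.1"),  # replayed copy
        ("register", 42, b"eid=10.0.0.0/24 rloc=192.0.2.2"),
    ]
    results = [rx.accept(x, n, b, auth_data(key, x, n, b)) for x, n, b in traffic]
    # Body altered in transit while the tag still covers the original body.
    stale_tag = auth_data(key, "pubsub", 8, b"eid=10.1.0.0/24 rloc=192.0.2.9")
    results.append(rx.accept("pubsub", 8, b"eid=10.1.0.0/24 rloc=203.0.113.5", stale_tag))
    return results

if __name__ == "__main__":
    print("one counter :", run(per_exchange=False))
    print("two counters:", run(per_exchange=True))
```

With one counter, the genuine PubSub message at nonce 7 is rejected as a replay because the register exchange has already advanced the counter; with two counters it is accepted, while the replayed and altered messages are still rejected.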