Re: [lisp] draft-farinacci-lisp-crypto-01 - Call for WG Adoption

Damien Saucez <> Thu, 04 December 2014 20:04 UTC

To: Fabio Maino <>
Cc: LISP mailing list list <>


I think that you are both (Dino and Fabio) right somehow.

I am happy to see work towards security and proposals to enable cryptography in
LISP.  So from that point of view I fully support Dino’s proposition.

I also agree with Fabio that the best way to secure a system is to think the
system through completely with security in mind.  So from that point of view
incremental changes in the protocol are not ideal.  So I am strongly in favour of
proposing a generalised data-plane and a generalised control-plane for LISP.

The question is then to know how fast we want to have a solution. If we need it
fast, we may pay the price of patching the protocol. If we consider we have time,
then let’s go for a generalisation à la GPE.

Is backward compatibility an absolute requirement?

Damien Saucez 

On 04 Dec 2014, at 20:08, Fabio Maino <> wrote:

> I don't support adoption of this document.
> The document is proposing an extension of the LISP header to support data plane security. However, there has been quite a lot of discussion in various WGs, including LISP, about the need for a more flexible overlay encapsulation. Besides support for data plane security, the requirements include capability to support non-IP payloads, and to support metadata for various applications including service chaining and policy tags.
> I believe that rather than just adding incremental support for data plane security, the WG should have a comprehensive look at how to extend the LISP header to address the requirements above. draft-lewis-lisp-gpe, which was presented to the WG a few times, tries to address all of those requirements.
> Extending the semantics of the header to support data plane security, at least for HW implementations, comes at about the same cost as addressing all of the requirements above. I believe the same is true, to a lesser extent, even with SW implementations (at least those that deal with the encap in the kernel).
> Thanks,
> Fabio
> On 12/4/14, 3:27 AM, Luigi Iannone wrote:
>> Hi All,
>> During the 91st IETF, the authors of draft-farinacci-lisp-crypto-01
>> asked for WG adoption. Meeting participants expressed consensus on adoption.
>> This message begins the two-week call for WG adoption to confirm the meeting outcome.
>> The call ends on December 19th 2014.
>> Please respond to the LISP mailing list with any statements of approval or disapproval.
>> Recall that:
>> - This is not WG Last Call. The document is not final, and the WG is expected to
>>   modify the document’s content until there is WG consensus that the content is solid.
>>   Therefore, please don’t oppose adoption just because you want to see changes to its content.
>> - If you have objections to adoption of the document, please state your reasons why,
>>   and explain what it would take to address your concerns.
>> - If you have issues with the content, by all means raise those issues and we can
>>   begin a dialog about how best to address them.
>> Luigi and Joel