Re: [lisp] Restarting last call on LISP threats

"Joel M. Halpern" <jmh@joelhalpern.com> Tue, 13 May 2014 21:56 UTC

Message-ID: <5372950E.3080704@joelhalpern.com>
Date: Tue, 13 May 2014 17:56:30 -0400
From: "Joel M. Halpern" <jmh@joelhalpern.com>
To: Ronald Bonica <rbonica@juniper.net>, Roger Jørgensen <rogerj@gmail.com>, Ross Callon <rcallon@juniper.net>
References: <536CFA13.4010102@joelhalpern.com> <4e6c0aaac8fb4aba87ab137cc49b51dc@CO2PR05MB636.namprd05.prod.outlook.com> <CAKFn1SH_gu1+e6EsWESBsRw9EGiSQ+Z5r9E7GEhMO1FdNuM9nQ@mail.gmail.com> <1a200c5f5de041fbaf88edd1a5c3159c@CO1PR05MB442.namprd05.prod.outlook.com>
In-Reply-To: <1a200c5f5de041fbaf88edd1a5c3159c@CO1PR05MB442.namprd05.prod.outlook.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/lisp/OkwIDIiit9P7WjWXQ62b-rXpBu8
Cc: "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] Restarting last call on LISP threats

Ron, I am having trouble with the question.

The threats document describes the threats as they exist today, without 
the adoption of either document that Roger pointed to.  Thus, I do not 
see any dependence.

If there is a threat that is not well described in the base spec or this 
document, then we should add it.  We should add it even if there are 
proposals to remediate it.  But if there is a clear proposal of a 
missing threat, I missed it.

Yours,
Joel

On 5/13/14, 1:31 PM, Ronald Bonica wrote:
> Hi Roger,
>
> Or asked more explicitly, can the level of security claimed by the threats document be achieved without implementing the protocol extensions described in lisp-sec and lisp-crypto?
>
>                                                            Ron
>
>
>> -----Original Message-----
>> From: Ronald Bonica
>> Sent: Tuesday, May 13, 2014 1:22 PM
>> To: 'Roger Jørgensen'; Ross Callon
>> Cc: lisp@ietf.org
>> Subject: RE: [lisp] Restarting last call on LISP threats
>>
>> Hi Roger,
>>
>> Can this draft stand on its own, without integrating content from the
>> documents that you reference?
>>
>>                                                                                               Ron
>>
>>>
>>> There exist two drafts that are relevant to what you address.
>>>
>>> You have https://datatracker.ietf.org/doc/draft-farinacci-lisp-crypto/
>>> where the payload of a LISP encapsulated packet is encrypted. None of
>>> the keys for encrypting/decrypting are stored in the mapping system
>>> but are calculated by the xTRs involved.
>>> Then you have https://datatracker.ietf.org/doc/draft-ietf-lisp-sec/
>>> that attempts to secure the xTR to xTR relationship.
>>>