Re: [lisp] Secdir last call review of draft-ietf-lisp-rfc6830bis-15

Dino Farinacci <farinacci@gmail.com> Tue, 11 September 2018 17:11 UTC

Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC396130EDF; Tue, 11 Sep 2018 10:11:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gYmEMbGr89OW; Tue, 11 Sep 2018 10:11:28 -0700 (PDT)
Received: from mail-pl1-x632.google.com (mail-pl1-x632.google.com [IPv6:2607:f8b0:4864:20::632]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8D98130EDB; Tue, 11 Sep 2018 10:11:27 -0700 (PDT)
Received: by mail-pl1-x632.google.com with SMTP id f6-v6so11641146plo.1; Tue, 11 Sep 2018 10:11:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=sKCjNHSLw2CR962a/4A9846/i1bDAFle5yAzogvd+8A=; b=P1l/QAWyiqydtxbbMes8QzIRkUJa8HJhrFXAmMPV+DEBHr1JtoNQzHUxoaKKQsUkX9 a82ZU/7R2Piy9XZUlnXJ34aBswT9k3VZso+9soki6aDDt7WDxJ4xw1BeKY+hUCBusGgw xiDSc3HYi6nO05fWFoIjgQhqH/Cy3DiezNTdpRq8to5SoEpVcDzuLNMz8ciUbfVrMSS+ YtUxHz2XJ1dh6cxXpWbFCQVGAcTbNXOgh0cXwxQxjiK21C5tRTThugsN+jOoAKt1gQ9j yQ5q34cpSUTcvZYMk/EXfDoxv6Ymll5cN9R5SaMOrGT9T6v87PZvuDO4nxRuEUmSWEIN pcfQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=sKCjNHSLw2CR962a/4A9846/i1bDAFle5yAzogvd+8A=; b=XRohv2pikEcq2R7WmaVV7I98nKpj4gY3wn9zO4aMjpS2teXdbO93SaRrsvvDCuJIkB fTctegXvHkPhiIwP6ZV26s0cAiFM7GCJXVDPIHoc7nQWnEnfsNJBmsYWqkKDlMHJ5PlJ 8N/xCsTYi1lHUzT+B0ClmLFEHhkt6v0JHq1xttFCjidQ7lusb1R8yVcjHGKqxszz3BVD z+8aNA5z81qmjc1EiyI2h0sj2fJxYOntqfXkI358768eBrA65e42QT8+KGd5Y9vrkPrA MLc6+Z7xuBfV6AuZ7xBW/G6NyD5QWVa9o7xJ96M/Ex8GUjIro3hfqQUqAKG43+gM8d1p gYnw==
X-Gm-Message-State: APzg51DC+yumWZSRdTjMACLoRf/Eo5vnIZhT1KcoPDfoXb8QLPBg6Vk5 xTAW9p66JU6v13rfS/xU+G8=
X-Google-Smtp-Source: ANB0VdaK8B/50WVjFAnJv1uLA1Qa5q1cnmh/06FujepCHoB2vBDQw7/tmBB+f8cF+OS2Z5dQHLnxhw==
X-Received: by 2002:a17:902:2e83:: with SMTP id r3-v6mr28326760plb.80.1536685887443; Tue, 11 Sep 2018 10:11:27 -0700 (PDT)
Received: from [10.31.79.252] ([96.72.181.209]) by smtp.gmail.com with ESMTPSA id j27-v6sm34749919pfj.91.2018.09.11.10.11.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 11 Sep 2018 10:11:26 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <CAJU8_nX9mNZ=DvQoCmqzptWfK10G+HpmOx2L+LAH-srNJRuXuA@mail.gmail.com>
Date: Tue, 11 Sep 2018 10:11:25 -0700
Cc: Luigi Iannone <ggx@gigix.net>, IETF SecDir <secdir@ietf.org>, draft-ietf-lisp-rfc6830bis.all@ietf.org, IETF Discussion Mailing List <ietf@ietf.org>, "lisp@ietf.org list" <lisp@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
Content-Transfer-Encoding: quoted-printable
Message-Id: <6546936B-3AFD-47C4-8A27-8298DDDBBA09@gmail.com>
References: <153513922907.22939.10542350679349996082@ietfa.amsl.com> <FDA69FDF-696B-4959-AADB-0999630C723D@gmail.com> <CAJU8_nWwHAQYeo4oCVq=dVquRK1VhO-TdUKw5JmvbX1idWa=VA@mail.gmail.com> <A037BDB7-C780-4D44-A031-49F39AA3F11F@gmail.com> <CAJU8_nUJ7BLJhgjw6Sa-xeY0=OpK4N2ffKLjZ-3m6+Uiws5wTw@mail.gmail.com> <77109099-A756-4563-968C-5AC17FF38291@gigix.net> <CAJU8_nX9mNZ=DvQoCmqzptWfK10G+HpmOx2L+LAH-srNJRuXuA@mail.gmail.com>
To: Kyle Rose <krose@krose.org>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/WygdEPCWiSKGOIq1GKJ4LaUjqPo>
Subject: Re: [lisp] Secdir last call review of draft-ietf-lisp-rfc6830bis-15
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Sep 2018 17:11:30 -0000

> but this doesn't specifically address the fact that a pull-based control plane will fail in a different way, and one that is potentially harder to diagnose, from a push-based one. One area in which it differs is that a loss of a BGP session followed by a network partition is obvious to all users trying to move traffic between those two networks, while choking off control plane traffic in LISP may only affect some endpoints in a mysterious way.

IMO, a feature and not a bug. And arguably harder to diagnose makes it more secure.

Dino