Re: [lisp] Restarting last call on LISP threats

"Joel M. Halpern" <jmh@joelhalpern.com> Thu, 15 May 2014 21:42 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/lisp/XEDWjJrwHqQ1rr22n05kHN4pnoA
Cc: "lisp@ietf.org" <lisp@ietf.org>

I may have misread the discussion.
I was commenting only on the one topic of gleaning.  I was leaving it to 
the authors to respond to your other comments.
Yours,
Joel

On 5/15/14, 5:39 PM, Ross Callon wrote:
> I raised a list of problems. They are not all already mentioned in the threats document (e.g., note the privacy issue at the end of my detailed email).
>
> Ross
>
> -----Original Message-----
> From: Joel Halpern Direct [mailto:jmh.direct@joelhalpern.com]
> Sent: Thursday, May 15, 2014 2:29 PM
> To: Ronald Bonica; Joel M. Halpern; Roger Jørgensen; Ross Callon
> Cc: lisp@ietf.org
> Subject: Re: [lisp] Restarting last call on LISP threats
>
> The threats document does not specify how to resolve the threats.  It
> identifies problems.  In this particular case, it already identifies the
> problem that Ross raised.  Quite clearly.
>
> There is no dependence on the documents Roger pointed to.  They are ways
> of remediating the threat.
>
> Yours,
> Joel
>
> On 5/15/14, 2:15 PM, Ronald Bonica wrote:
>> Joel,
>>
>> The threats document should not depend on lisp-sec or lisp-crypto.
>> However, Roger's response did rely on those documents (see his
>> response, below).
>>
>> So, we are left to explore whether something was omitted from the
>> threats document. Standby for my response to Roger.
>>
>> Ron
>>
>>
>>
>>> -----Original Message-----
>>> From: Joel M. Halpern [mailto:jmh@joelhalpern.com]
>>> Sent: Tuesday, May 13, 2014 5:57 PM
>>> To: Ronald Bonica; Roger Jørgensen; Ross Callon
>>> Cc: lisp@ietf.org
>>> Subject: Re: [lisp] Restarting last call on LISP threats
>>>
>>> Ron, I am having trouble with the question.
>>>
>>> The threats document describes the threats as they exist today,
>>> without the adoption of either document that Roger pointed to.
>>> Thus, I do not see any dependence.
>>>
>>> If there is a threat that is not well described in the base spec or
>>> this document, then we should add it.  We should add it even if
>>> there are proposals to remediate it.  But if there is a clear
>>> proposal of a missing threat, I missed it.
>>>
>>> Yours, Joel
>>>
>>> On 5/13/14, 1:31 PM, Ronald Bonica wrote:
>>>> Hi Roger,
>>>>
>>>> Or asked more explicitly, can the level of security claimed by
>>>> the threats document be achieved without implementing the protocol
>>>> extensions described in lisp-sec and lisp-crypto?
>>>>
>>>> Ron
>>>>
>>>>
>>>>> -----Original Message-----
>>>>> From: Ronald Bonica
>>>>> Sent: Tuesday, May 13, 2014 1:22 PM
>>>>> To: 'Roger Jørgensen'; Ross Callon
>>>>> Cc: lisp@ietf.org
>>>>> Subject: RE: [lisp] Restarting last call on LISP threats
>>>>>
>>>>> Hi Roger,
>>>>>
>>>>> Can this draft stand on its own, without integrating content
>>>>> from the documents that you reference?
>>>>>
>>>>>
>>>>> Ron
>>>>>
>>>>>>
>>>>>> There exist two drafts that are relevant to what you address.
>>>>>>
>>>>>> You have
>>>>>> https://datatracker.ietf.org/doc/draft-farinacci-lisp-crypto/
>>>>>> where the payload of a LISP encapsulated packet is encrypted. None
>>>>>> of the keys for encrypting/decrypting are stored in the
>>>>>> mapping system; they are calculated by the xTRs involved. Then
>>>>>> you have
>>>>>> https://datatracker.ietf.org/doc/draft-ietf-lisp-sec/ that
>>>>>> attempts to secure the xTR to xTR relationship.