Re: [lisp] Restarting last call on LISP threats

Joel Halpern Direct <jmh.direct@joelhalpern.com> Thu, 15 May 2014 18:29 UTC

The threats document does not specify how to resolve the threats.  It
identifies problems.  In this particular case, it already identifies the
problem that Ross raised.  Quite clearly.

There is no dependence on the documents Roger pointed to.  They are ways 
of remediating the threat.

Yours,
Joel

On 5/15/14, 2:15 PM, Ronald Bonica wrote:
> Joel,
>
> The threats document should not depend on lisp-sec or lisp-crypto.
> However, Roger's response did rely on those documents (see his
> response, below).
>
> So, we are left to explore whether something was omitted from the
> threats document. Standby for my response to Roger.
>
> Ron
>
>
>
>> -----Original Message-----
>> From: Joel M. Halpern [mailto:jmh@joelhalpern.com]
>> Sent: Tuesday, May 13, 2014 5:57 PM
>> To: Ronald Bonica; Roger Jørgensen; Ross Callon
>> Cc: lisp@ietf.org
>> Subject: Re: [lisp] Restarting last call on LISP threats
>>
>> Ron, I am having trouble with the question.
>>
>> The threats document describes the threats as they exist today,
>> without the adoption of either document that Roger pointed to.
>> Thus, I do not see any dependence.
>>
>> If there is a threat that is not well described in the base spec or
>> this document, then we should add it.  We should add it even if
>> there are proposals to remediate it.  But if there is a clear
>> proposal of a missing threat, I missed it.
>>
>> Yours, Joel
>>
>> On 5/13/14, 1:31 PM, Ronald Bonica wrote:
>>> Hi Roger,
>>>
>>> Or asked more explicitly, can the level of security claimed by
>>> the threats document be achieved without implementing the protocol
>>> extensions described in lisp-sec and lisp-crypto?
>>>
>>> Ron
>>>
>>>
>>>> -----Original Message-----
>>>> From: Ronald Bonica
>>>> Sent: Tuesday, May 13, 2014 1:22 PM
>>>> To: 'Roger Jørgensen'; Ross Callon
>>>> Cc: lisp@ietf.org
>>>> Subject: RE: [lisp] Restarting last call on LISP threats
>>>>
>>>> Hi Roger,
>>>>
>>>> Can this draft stand on its own, without integrating content
>>>> from the documents that you reference?
>>>>
>>>>
>>>> Ron
>>>>
>>>>>
>>>>> There exist two drafts that are relevant to what you address.
>>>>>
>>>>> You have
>>>>> https://datatracker.ietf.org/doc/draft-farinacci-lisp-crypto/
>>>>> where the payload of a LISP encapsulated packet is encrypted. None
>>>>> of the keys for encrypting/decrypting are stored in the
>>>>> mapping system but are calculated by the xTRs involved. Then
>>>>> you have
>>>>> https://datatracker.ietf.org/doc/draft-ietf-lisp-sec/ that
>>>>> attempts to secure the xTR to xTR relationship.
>>>>>
>>>>>