Re: [lisp] Restarting last call on LISP threats

Ross Callon <rcallon@juniper.net> Thu, 15 May 2014 21:39 UTC

Return-Path: <rcallon@juniper.net>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F11E61A02A2 for <lisp@ietfa.amsl.com>; Thu, 15 May 2014 14:39:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.602
X-Spam-Level:
X-Spam-Status: No, score=-1.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oaRZdyIk9FBb for <lisp@ietfa.amsl.com>; Thu, 15 May 2014 14:39:46 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1lp0145.outbound.protection.outlook.com [207.46.163.145]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C824E1A014B for <lisp@ietf.org>; Thu, 15 May 2014 14:39:45 -0700 (PDT)
Received: from CO2PR05MB636.namprd05.prod.outlook.com (10.141.199.24) by BN1PR05MB437.namprd05.prod.outlook.com (10.141.58.11) with Microsoft SMTP Server (TLS) id 15.0.939.12; Thu, 15 May 2014 21:39:37 +0000
Received: from CO2PR05MB636.namprd05.prod.outlook.com ([10.141.199.24]) by CO2PR05MB636.namprd05.prod.outlook.com ([10.141.199.24]) with mapi id 15.00.0944.000; Thu, 15 May 2014 21:39:36 +0000
From: Ross Callon <rcallon@juniper.net>
To: Joel Halpern Direct <jmh.direct@joelhalpern.com>, Ronald Bonica <rbonica@juniper.net>, "Joel M. Halpern" <jmh@joelhalpern.com>, =?iso-8859-1?Q?Roger_J=F8rgensen?= <rogerj@gmail.com>
Thread-Topic: [lisp] Restarting last call on LISP threats
Thread-Index: AQHPa58M9eFhkxJvMEaw1MEc+Ryfdps9MyiAgAD04oCAAJ/u8IAAAtXQgABKWQCAAub1gIAAA9wAgAA0wSA=
Date: Thu, 15 May 2014 21:39:35 +0000
Message-ID: <0f6d1eca517e45f7ac5217f3ba1e8d80@CO2PR05MB636.namprd05.prod.outlook.com>
References: <536CFA13.4010102@joelhalpern.com> <4e6c0aaac8fb4aba87ab137cc49b51dc@CO2PR05MB636.namprd05.prod.outlook.com> <CAKFn1SH_gu1+e6EsWESBsRw9EGiSQ+Z5r9E7GEhMO1FdNuM9nQ@mail.gmail.com> <1a200c5f5de041fbaf88edd1a5c3159c@CO1PR05MB442.namprd05.prod.outlook.com> <5372950E.3080704@joelhalpern.com> <172db6c3e26f458ebd70141bed7b7a8b@CO1PR05MB442.namprd05.prod.outlook.com> <53750788.900@joelhalpern.com>
In-Reply-To: <53750788.900@joelhalpern.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [66.129.241.11]
x-forefront-prvs: 0212BDE3BE
x-forefront-antispam-report: SFV:NSPM; SFS:(6009001)(428001)(51704005)(199002)(189002)(24454002)(13464003)(479174003)(377454003)(33646001)(561944003)(101416001)(81542001)(81342001)(4396001)(46102001)(76576001)(1941001)(76482001)(77982001)(85852003)(74316001)(83072002)(92566001)(86362001)(99396002)(19580395003)(87936001)(99286001)(2656002)(19580405001)(15975445006)(83322001)(80022001)(66066001)(20776003)(64706001)(74502001)(79102001)(50986999)(31966008)(76176999)(21056001)(74662001)(54356999)(77096999)(24736002); DIR:OUT; SFP:; SCL:1; SRVR:BN1PR05MB437; H:CO2PR05MB636.namprd05.prod.outlook.com; FPR:; MLV:sfv; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (: juniper.net does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=rcallon@juniper.net;
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
Archived-At: http://mailarchive.ietf.org/arch/msg/lisp/adGLqpPt4fO_2Za7aCVd7U73Hgw
Cc: "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] Restarting last call on LISP threats
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 May 2014 21:39:47 -0000

I raised a list of problems. They are not all already mentioned in the threats document (eg, note the privacy issue at the end of my detailed email). 

Ross

-----Original Message-----
From: Joel Halpern Direct [mailto:jmh.direct@joelhalpern.com] 
Sent: Thursday, May 15, 2014 2:29 PM
To: Ronald Bonica; Joel M. Halpern; Roger Jørgensen; Ross Callon
Cc: lisp@ietf.org
Subject: Re: [lisp] Restarting last call on LISP threats

The threats document does not specify how to resolve the threats.  It
identifies problems.  In this particular case, it already identifies the
problem that Ross raised.  Quite clearly.

There is no dependence on the documents Roger pointed to.  They are ways 
of remediating the threat.

Yours,
Joel

On 5/15/14, 2:15 PM, Ronald Bonica wrote:
> Joel,
>
> The threats document should not depend on lisp-sec or lisp-crypto.
> However, Roger's response did rely on those documents (see his
> response, below).
>
> So, we are left to explore whether something was omitted from the
> threats document. Standby for my response to Roger.
>
> Ron
>
>
>
>> -----Original Message----- From: Joel M. Halpern
>> [mailto:jmh@joelhalpern.com] Sent: Tuesday, May 13, 2014 5:57 PM
>> To: Ronald Bonica; Roger Jørgensen; Ross Callon Cc: lisp@ietf.org
>> Subject: Re: [lisp] Restarting last call on LISP threats
>>
>> Ron, I am having trouble with the question.
>>
>> The threats document describes the threats as they exist today,
>> without the adoption of either document that Roger pointed to.
>> Thus, I do not see any dependence.
>>
>> If there is a threat that is not well described in the base spec or
>> this document, then we should add it.  We should add it even if
>> there are proposals to remediate it.  But if there is a clear
>> proposal of a missing threat, I missed it.
>>
>> Yours, Joel
>>
>> On 5/13/14, 1:31 PM, Ronald Bonica wrote:
>>> Hi Roger,
>>>
>>> Or asked more explicitly, can the level of security claimed by
>>> the threats
>> document be achieved without implementing the protocol extensions
>> described in lisp-sec and lisp-crypto?
>>>
>>> Ron
>>>
>>>
>>>> -----Original Message----- From: Ronald Bonica Sent: Tuesday,
>>>> May 13, 2014 1:22 PM To: 'Roger Jørgensen'; Ross Callon Cc:
>>>> lisp@ietf.org Subject: RE: [lisp] Restarting last call on LISP
>>>> threats
>>>>
>>>> Hi Roger,
>>>>
>>>> Can this draft stand on its own, without integrating content
>>>> from the documents that you reference?
>>>>
>>>>
>>>> Ron
>>>>
>>>>>
>>>>> There exist two draft that are relevant to what you address.
>>>>>
>>>>> You have
>>>>> https://datatracker.ietf.org/doc/draft-farinacci-lisp-crypto/
>>>>>
>>>>>
where the payload of a LISP encapsulated packet are encrypted. None
>>>>> of the keys for encrypting/decrypting are stored in the
>>>>> mapping system but is calculated by the xTR's involved. Then
>>>>> you have
>>>>> https://datatracker.ietf.org/doc/draft-ietf-lisp-sec/ that
>>>>> attempts to secure the xTR to xTR relationship.
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>
>>> _______________________________________________ lisp mailing
>>> list lisp@ietf.org https://www.ietf.org/mailman/listinfo/lisp
>>>