IETF Logo Mail Archive

Re: [lisp] Virtual meeting

Dino Farinacci <farinacci@gmail.com> Tue, 31 March 2020 23:27 UTC

Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C061B3A0CF5 for <lisp@ietfa.amsl.com>; Tue, 31 Mar 2020 16:27:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.199
X-Spam-Level:
X-Spam-Status: No, score=-0.199 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TgwNTybWHQ_o for <lisp@ietfa.amsl.com>; Tue, 31 Mar 2020 16:27:21 -0700 (PDT)
Received: from mail-pf1-x429.google.com (mail-pf1-x429.google.com [IPv6:2607:f8b0:4864:20::429]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C8F23A0CF4 for <lisp@ietf.org>; Tue, 31 Mar 2020 16:27:21 -0700 (PDT)
Received: by mail-pf1-x429.google.com with SMTP id b72so11109562pfb.11 for <lisp@ietf.org>; Tue, 31 Mar 2020 16:27:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=6cPYQZBcpSBjCHL7lm5g0HIN6rsiqaSpnHn7XjTsEO0=; b=ZI8BMg0iMZpE/h608HI8HTzu1/42kepDSUwkkNKLWG3C13MRIjJQTmijFnNlwQO7RN HYHQI4j5NCnI04i9d6U3/uSExne771pR9Dntu6tY9we5cZNueQ+DAI3ft4QMqm8ufRTn 9ZIiyAj6JPTKISknv0rbOGwYis0sqMRmZxo6ZTvmRwXDC4/qp37fOl3uIpn74hJ4tePm ZWXSG8TWNBRJG/7RtK/2zU93q46MKPrs4mUUHtwM4WQPs56sxRRtaFeYOB9kTHvYW5E/ BmQQhtaS64689BCQ1ZA4NiPS49uWwDTlGEKTsK7B1RRsUbupqSFMr+z7fj0npvebaN8d +8fQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=6cPYQZBcpSBjCHL7lm5g0HIN6rsiqaSpnHn7XjTsEO0=; b=PxJaqQI9QdzfA8GQx3cC9njwO0aub32ywhGUq34pcatvytZpXcGfIPsvNI6OWP/xa+ lNeNql1rAUa7uLZQhRSjHipXJDM+5S82JALjPL4SLJiRpfMrRB1W/Pl/p/13JyCsEvGK cGJE7MJUTE/Bl9+OVTVHLb4uuI2XOl36VJIcCQhP/7MqrAPDoSTpRni0JAJDnadcNRvJ ZdZ6RIrDQ4GzWEb5mP8r0yLEsLDhGf9hRSVUUwMIQNJOWwL8q/cvzmd103Y8p5JnPjue Lr2y5WiJcjdfyVKmIgMgKvW6Hur9YZMdbPZI16dtTdw04u0vWUJbr6JzjsnW9gYudkI0 dUjQ==
X-Gm-Message-State: ANhLgQ0QyDDlu5tnhvgDCKPgQ9N1WBs9FE5WuzsWy8w5dS5egK7IL2Ib Z+oCHVcon122X4PDu94u/es=
X-Google-Smtp-Source: ADFU+vtUHjab5ttg/cypqH/6jrJLZy3gsEzFvjZssxE58dH+tqmYy9YFU6rSBFBDA+ptjS1EvnqZAw==
X-Received: by 2002:a63:f44d:: with SMTP id p13mr20747741pgk.113.1585697240427; Tue, 31 Mar 2020 16:27:20 -0700 (PDT)
Received: from ?IPv6:2601:646:9600:af10:1896:ffbf:722e:92d5? ([2601:646:9600:af10:1896:ffbf:722e:92d5]) by smtp.gmail.com with ESMTPSA id o65sm178957pfg.187.2020.03.31.16.27.18 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 31 Mar 2020 16:27:19 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.60.0.2.5\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <e87119cf-443e-753a-1c87-0c2ae197a61a@joelhalpern.com>
Date: Tue, 31 Mar 2020 16:27:18 -0700
Cc: "Alberto Rodriguez Natal (natal)" <natal=40cisco.com@dmarc.ietf.org>, "lisp@ietf.org" <lisp@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <9C98131B-A82E-43DE-B1F4-417018EF2C10@gmail.com>
References: <bf751274-3d10-4675-40ff-0876b968ec58@joelhalpern.com> <EB8728FF-8299-4915-81C0-7A414E1A1735@gmail.com> <b2bf2e7c-9535-e6b2-51ff-dc922c875fb7@joelhalpern.com> <F0929D9F-2726-48AF-90E0-9242A5898F4C@gmail.com> <e995cd58-3504-c7b4-a970-f55550e3829b@joelhalpern.com> <0310FDA2-6AE2-472B-82A7-D38039F64DDB@cisco.com> <293fbb16-75c4-bb79-e183-eaf781b696e3@joelhalpern.com> <613F569E-6FCF-4363-A60A-CB14C6459FE2@cisco.com> <8e654897-26f6-e4c2-db74-e5a15155e04b@joelhalpern.com> <D4231D6A-A0EC-484D-BE3A-C3E31476178B@gmail.com> <e87119cf-443e-753a-1c87-0c2ae197a61a@joelhalpern.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
X-Mailer: Apple Mail (2.3608.60.0.2.5)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/apNXUJhW57NpbVmL1a5sfqF0rZg>
Subject: Re: [lisp] Virtual meeting
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Mar 2020 23:27:24 -0000

> I may have missed something, but I think that in the case of the first notify, it does actually start at the Itr. 
>  Specifically, it starts with an ItR sending a subscribe request.  The MS responds to that with a notify.  What I am suggesting is that (when security is desired) the Itr includes the same kind of information in its subscribe that goes into lisp-sec.  And that the reply, instead of going directly from the MS back to the ITR goes through the ETR so that the rest of the lisp-sec procedures can be applied.

Yes, and in that Subscribe-Request you can include an OTK. But that one-time-key would be used more than one time. To send the Map-Notify to reply with the RLOC-set to the ITR as well as acknowledger from the Map-Server that subscription has been accepted. But then the one-time-key would have to be *stored* in the Map-Server and then used later when the RLOC-set changes to send an unsolicited Map-Notify. So the one-time-key would be “two time” and we would set a precedent to make it no longer ephemeral. In previous cases, the OTK was not stored anywhere.

> I would then use that as a bootstrap, putting necessary secrets to create the key information so that the MS can sign and the ITR can verify future notifies that go directly from the MS to the ITR.

If the working group believes that the OTK should be stored and then used again, then both the Map-Server and ITR would have to store it. In the original case, the ITR stores the OTK only until the time a Map-Reply or Map-Notify is received. But the Map-Server would have to store it indefinintely (per ITR that subscribes).

Dino

> 
> Yours,
> Joel
> 
> On 3/31/2020 1:33 PM, Dino Farinacci wrote:
>>> thinking about Alberto's request, and reading the document, I wondered if the security could be improved by sending the first notify back via the ETR, and coupling it to LISP-SEC to protect the information and provide needed keys for further messages? It seems like we do need a way to protect the notifications, and requiring associations from every ITR to every MS who may provide notifications seems impossible.
>> You can’t use LISP-SEC because the transactional nature of it starts with an ITR and a one-time-key, that is used to signed Map-Replies returning to it.
>> For Map-Notify messages send from Map-Server via ETR, there would be no ITR one-time-key. And if the Map-Server used its own one-time-key, the ITR couldn’t derive it. Note with LISP-SEC the map-server one-time-key is derived from the ITR’s one-time-key in the Map-Request.
>> Dino

v2.23.0 | Report a Bug | By Email