Re: [lisp] Restarting last call on LISP threats

Ronald Bonica <rbonica@juniper.net> Thu, 15 May 2014 19:47 UTC

From: Ronald Bonica <rbonica@juniper.net>
To: Dino Farinacci <farinacci@gmail.com>, Ross Callon <rcallon@juniper.net>
Date: Thu, 15 May 2014 19:47:04 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/lisp/bZj86_R5o8LhY3Hbo9O8v-8VzIY
Cc: Roger Jorgensen <rogerj@gmail.com>, "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] Restarting last call on LISP threats
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>

Dino,

Don't you always have to trust the mapping system? 

Did you mean to say, "If you want to trust the originator of the gleaned information, ...." ?

Ron

> -----Original Message-----
> From: lisp [mailto:lisp-bounces@ietf.org] On Behalf Of Dino Farinacci
> Sent: Tuesday, May 13, 2014 1:47 PM
> To: Ross Callon
> Cc: Roger Jorgensen; lisp@ietf.org
> Subject: Re: [lisp] Restarting last call on LISP threats
> 
> > Thus if we assume that draft-ietf-lisp-sec-06 works, then what we hear
> > back from the mapping system should be correct (or should be equally
> > reliable to what we hear back from the DNS system today, and we do today
> > rely on DNS when we are contacting our bank or brokerage service to
> > conduct financial transactions).
> 
> The main LISP spec (RFC6830) indicates if you want to trust the mapping
> system you can use the gleaned information as soon as you receive it. And if
> you don't trust the mapping system, you can send a "verifying Map-Request"
> to the mapping system which results in a signed Map-Reply returned ala
> draft-ietf-lisp-sec-06.
> 
> Dino