Re: [lisp] LISP-SEC review (finally)
Fabio Maino <fmaino@cisco.com> Wed, 19 October 2016 15:33 UTC
Return-Path: <fmaino@cisco.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1C1D129556; Wed, 19 Oct 2016 08:33:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.941
X-Spam-Level:
X-Spam-Status: No, score=-14.941 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WOmjNz2gnyCE; Wed, 19 Oct 2016 08:32:55 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A4AF126FDC; Wed, 19 Oct 2016 08:32:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=116792; q=dns/txt; s=iport; t=1476891175; x=1478100775; h=subject:to:references:cc:from:message-id:date: mime-version:in-reply-to; bh=oraIku8xAM8eTMd2GUTgDfabrkonHGqT4a2BvI7Bgu8=; b=MoTTxcjXK7BU/aksV2dyMHUjGHYQYei028df38nfR/yUikVN2m8mKsVS dvxd4TaDV+bFBg/soiLa4b9PnK1SdxoDK83WSvOUI8szgvZPo0hs2xVkI JEdRssCG8ITXeS5MRs6YlDOOKAjGDLQ64GvGaoL895TJVtJchpVgF1Pga s=;
X-IronPort-AV: E=Sophos;i="5.31,514,1473120000"; d="scan'208,217";a="161514927"
Received: from alln-core-11.cisco.com ([173.36.13.133]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 19 Oct 2016 15:32:54 +0000
Received: from [10.24.119.45] ([10.24.119.45]) by alln-core-11.cisco.com (8.14.5/8.14.5) with ESMTP id u9JFWqJa023991; Wed, 19 Oct 2016 15:32:53 GMT
To: Luigi Iannone <luigi.iannone@telecom-paristech.fr>, "Vina Ermagan (vermagan)" <vermagan@cisco.com>, Albert Cabellos <acabello@ac.upc.edu>, Damien Saucez <damien.saucez@inria.fr>
References: <FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr>
From: Fabio Maino <fmaino@cisco.com>
Message-ID: <26b25fda-5964-8979-06c8-63db76be46a1@cisco.com>
Date: Wed, 19 Oct 2016 08:32:52 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr>
Content-Type: multipart/alternative; boundary="------------AE9CBA7B01D75C294BE5A759"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/e98JS_s6i9THJwEA_77JNymlT_U>
Cc: lisp-chairs@ietf.org, LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] LISP-SEC review (finally)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Oct 2016 15:33:01 -0000
Thanks Luigi, we will look into your comments and come back. Fabio On 10/19/16 8:06 AM, Luigi Iannone wrote: > Dear Authors of the LISP-SEC document, > > hereafter my review of the document. > This was long overdue, sorry for being so late. > > I really like the solution and the majority of my comments are just > clarification questions. > Let me know if my comments are clear. > > ciao > > L. > > > >> 1. Introduction >> >> The Locator/ID Separation Protocol [RFC6830] defines a set of >> functions for routers to exchange information used to map from non- >> routable Endpoint Identifiers (EIDs) to routable Routing Locators >> (RLOCs). > I find the above sentence confusing. Wouldn’t be better to specify > that we are talking about IP addresses? > >> If these EID-to-RLOC mappings, carried through Map-Reply >> messages, are transmitted without integrity protection, an adversary >> can manipulate them and hijack the communication, impersonate the >> requested EID, or mount Denial of Service or Distributed Denial of >> Service attacks. Also, if the Map-Reply message is transported >> unauthenticated, an adversarial LISP entity can overclaim an EID- >> prefix and maliciously redirect traffic directed to a large number of >> hosts. A detailed description of "overclaiming" attack is provided >> in [RFC7835]. >> >> This memo specifies LISP-SEC, a set of security mechanisms that >> provides origin authentication, integrity and anti-replay protection >> to LISP's EID-to-RLOC mapping data conveyed via mapping lookup >> process. > > I would put s forward reference to section 3 stating that the reader > will find details about the threat model. > >> LISP-SEC also enables verification of authorization on EID- >> prefix claims in Map-Reply messages, ensuring that the sender of a >> Map-Reply that provides the location for a given EID-prefix is >> entitled to do so according to the EID prefix registered in the >> associated Map-Server. Map-Register security, including the right >> for a LISP entity to register an EID-prefix or to claim presence at >> an RLOC, is out of the scope of LISP-SEC. Additional security >> considerations are described in Section 6. >> >> 2. Definition of Terms >> >> One-Time Key (OTK): An ephemeral randomly generated key that must >> be used for a single Map-Request/Map-Reply exchange. >> >> >> >> ITR-OTK: The One-Time Key generated at the ITR. >> >> MS-OTK: The One-Time Key generated at the Map-Server. > > Why are you considering ITR-OTK and MS-OTK sub-terms? > I would elevate them at full terms, hence avoiding spacing and > indentation. > >> Encapsulated Control Message (ECM): A LISP control message that is >> prepended with an additional LISP header. ECM is used by ITRs to >> send LISP control messages to a Map-Resolver, by Map-Resolvers to >> forward LISP control messages to a Map-Server, and by Map- >> Resolvers to forward LISP control messages to an ETR. >> > Why are you re-defining ECM? > You do not specify other packets, e.g., Map-Reply, so why ECM? > I would drop it. > > >> Authentication Data (AD): Metadata that is included either in a >> LISP ECM header or in a Map-Reply message to support >> confidentiality, integrity protection, and verification of EID- >> prefix authorization. >> >> >> >> Maino, et al. Expires April 6, 2017 [Page 3] >> >> Internet-Draft LISP-SEC October 2016 >> >> >> OTK-AD: The portion of ECM Authentication Data that contains a >> One-Time Key. >> >> EID-AD: The portion of ECM and Map-Reply Authentication Data >> used for verification of EID-prefix authorization. >> >> PKT-AD: The portion of Map-Reply Authentication Data used to >> protect the integrity of the Map-Reply message. > > > Why are you considering OTK-AD, EID-AD, and PKT-AD sub-terms? > I would elevate them at full terms, hence avoiding spacing and > indentation. > > >> For definitions of other terms, notably Map-Request, Map-Reply, >> Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), Map-Server >> (MS), and Map-Resolver (MR) please consult the LISP specification >> [RFC6830]. >> >> 3. LISP-SEC Threat Model >> >> LISP-SEC addresses the control plane threats, described in [RFC7835], >> that target EID-to-RLOC mappings, including manipulations of Map- >> Request and Map-Reply messages, and malicious ETR EID prefix >> overclaiming. LISP-SEC makes two main assumptions: (1) the LISP >> mapping system is expected to deliver a Map-Request message to their >> intended destination ETR as identified by the EID, and (2) no man-in- >> the-middle (MITM) attack can be mounted within the LISP Mapping >> System. Furthermore, while LISP-SEC enables detection of EID prefix >> overclaiming attacks, it assumes that Map-Servers can verify the EID >> prefix authorization at time of registration. > LISP-SEC does not require OTK confidentiality in the mapping system. > This should be discussed here. > > >> According to the threat model described in [RFC7835] LISP-SEC assumes >> that any kind of attack, including MITM attacks, can be mounted in >> the access network, outside of the boundaries of the LISP mapping >> system. An on-path attacker, outside of the LISP mapping system can, >> for example, hijack Map-Request and Map-Reply messages, spoofing the >> identity of a LISP node. Another example of on-path attack, called >> overclaiming attack, can be mounted by a malicious Egress Tunnel >> Router (ETR), by overclaiming the EID-prefixes for which it is >> authoritative. In this way the ETR can maliciously redirect traffic >> directed to a large number of hosts. >> >> 4. Protocol Operations >> >> The goal of the security mechanisms defined in [RFC6830] is to >> prevent unauthorized insertion of mapping data by providing origin >> authentication and integrity protection for the Map-Registration, and >> by using the nonce to detect unsolicited Map-Reply sent by off-path >> attackers. >> >> LISP-SEC builds on top of the security mechanisms defined in >> [RFC6830] to address the threats described in Section 3 by leveraging >> >> >> >> Maino, et al. Expires April 6, 2017 [Page 4] >> >> Internet-Draft LISP-SEC October 2016 >> >> >> the trust relationships existing among the LISP entities >> participating to the exchange of the Map-Request/Map-Reply messages. >> Those trust relationships are used to securely distribute a One-Time >> Key (OTK) that provides origin authentication, integrity and anti- >> replay protection to mapping data conveyed via the mapping lookup >> process, and that effectively prevent overclaiming attacks. The >> processing of security parameters during the Map-Request/Map-Reply >> exchange is as follows: >> >> o The ITR-OTK is generated and stored at the ITR, and securely >> transported to the Map-Server. >> >> o The Map-Server uses the ITR-OTK to compute an HMAC that protects > You did not define HMAC acronym. Please define and add a reference. > >> the integrity of the mapping data known to the Map-Server to >> prevent overclaiming attacks. The Map-Server also derives a new >> OTK, the MS-OTK, that is passed to the ETR, by applying a Key >> Derivation Function (KDF) to the ITR-OTK. >> >> o The ETR uses the MS-OTK to compute an HMAC that protects the >> integrity of the Map-Reply sent to the ITR. >> >> o Finally, the ITR uses the stored ITR-OTK to verify the integrity >> of the mapping data provided by both the Map-Server and the ETR, >> and to verify that no overclaiming attacks were mounted along the >> path between the Map-Server and the ITR. >> >> Section 5 provides the detailed description of the LISP-SEC control >> messages and their processing, while the rest of this section >> describes the flow of protocol operations at each entity involved in >> the Map-Request/Map-Reply exchange: >> >> o The ITR, upon needing to transmit a Map-Request message, generates >> and stores an OTK (ITR-OTK). This ITR-OTK is included into the >> Encapsulated Control Message (ECM) that contains the Map-Request >> sent to the Map-Resolver. To provide confidentiality to the ITR- >> OTK over the path between the ITR and its Map-Resolver, the ITR- >> OTK SHOULD > Why not using “MUST”??? > Are you suggesting that a different way to provide confidentiality can > be used (e.g. a different shared key)??? > If yes, please state so. > > Or are you suggesting that no encryption at all is used? But this > means not providing confidentiality… > Can you clarify? > > (this very same comment will appear several time in this review) >> be encrypted using a preconfigured key shared between >> the ITR and the Map-Resolver, similar to the key shared between >> the ETR and the Map-Server in order to secure ETR registration >> [RFC6833]. >> >> o The Map-Resolver decapsulates the ECM message, decrypts the ITR- >> OTK, if needed, and forwards through the Mapping System the >> received Map-Request and the ITR-OTK, as part of a new ECM >> message. As described in Section 5.6, the LISP Mapping System >> delivers the ECM to the appropriate Map-Server, as identified by >> the EID destination address of the Map-Request. >> >> >> >> >> Maino, et al. Expires April 6, 2017 [Page 5] >> >> Internet-Draft LISP-SEC October 2016 >> >> >> o The Map-Server is configured with the location mappings and policy >> information for the ETR responsible for the EID destination >> address. Using this preconfigured information, the Map-Server, >> after the decapsulation of the ECM message, finds the longest >> match EID-prefix that covers the requested EID in the received >> Map-Request. The Map-Server adds this EID-prefix, together with >> an HMAC computed using the ITR-OTK, to a new Encapsulated Control >> Message that contains the received Map-Request. >> >> o The Map-Server derives a new OTK, the MS-OTK, by applying a Key >> Derivation Function (KDF) to the ITR-OTK. This MS-OTK is included >> in the Encapsulated Control Message that the Map-Server uses to >> forward the Map-Request to the ETR. To provide MS-OTK >> confidentiality over the path between the Map-Server and the ETR, >> the MS-OTK should > This “should” should be a “SHOULD” (sorry for the cacophony…) > > Why not using “MUST”??? > Are you suggesting that a different way to provide confidentiality can > be used (e.g. a different shared key)??? > If yes, please state so. > > Or are you suggesting that no encryption at all is used? But this > means not providing confidentiality… > Can you clarify? > >> be encrypted using the key shared between the >> ETR and the Map-Server in order to secure ETR registration >> [RFC6833]. >> >> o If the Map-Server is acting in proxy mode, as specified in >> [RFC6830], the ETR is not involved in the generation of the Map- >> Reply. In this case the Map-Server generates the Map-Reply on >> behalf of the ETR as described below. >> >> o The ETR, upon receiving the ECM encapsulated Map-Request from the >> Map-Server, decrypts the MS-OTK, if needed, and originates a >> standard Map-Reply that contains the EID-to-RLOC mapping >> information as specified in [RFC6830]. >> >> o The ETR computes an HMAC over this standard Map-Reply, keyed with >> MS-OTK to protect the integrity of the whole Map-Reply. The ETR >> also copies the EID-prefix authorization data that the Map-Server >> included in the ECM encapsulated Map-Request into the Map-Reply >> message. The ETR then sends this complete Map-Reply message to >> the requesting ITR. >> >> o The ITR, upon receiving the Map-Reply, uses the locally stored >> ITR-OTK to verify the integrity of the EID-prefix authorization >> data included in the Map-Reply by the Map-Server. The ITR >> computes the MS-OTK by applying the same KDF used by the Map- >> Server, and verifies the integrity of the Map-Reply. If the >> integrity checks fail, the Map-Reply MUST be discarded. Also, if >> the EID-prefixes claimed by the ETR in the Map-Reply are not equal >> or more specific than the EID-prefix authorization data inserted >> by the Map-Server, the ITR MUST discard the Map-Reply. >> >> >> >> >> >> >> >> Maino, et al. Expires April 6, 2017 [Page 6] >> >> Internet-Draft LISP-SEC October 2016 >> >> >> 5. LISP-SEC Control Messages Details >> >> LISP-SEC metadata associated with a Map-Request is transported within >> the Encapsulated Control Message that contains the Map-Request. >> >> LISP-SEC metadata associated with the Map-Reply is transported within >> the Map-Reply itself. >> >> 5.1. Encapsulated Control Message LISP-SEC Extensions >> >> LISP-SEC uses the ECM (Encapsulated Control Message) defined in >> [RFC6830] with Type set to 8, and S bit set to 1 to indicate that the >> LISP header includes Authentication Data (AD). The format of the >> LISP-SEC ECM Authentication Data is defined in the following figure. >> OTK-AD stands for One-Time Key Authentication Data and EID-AD stands >> for EID Authentication Data. >> >> 0 1 2 3 >> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | AD Type |V| Reserved | Requested HMAC ID | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\ >> | OTK Length | OTK Encryption ID | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | >> | One-Time-Key Preamble ... | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OTK-AD >> | ... One-Time-Key Preamble | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | >> ~ One-Time Key (128 bits) ~/ >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+ >> | EID-AD Length | KDF ID | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | >> | Record Count | Reserved | EID HMAC ID | EID-AD >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\ | >> | Reserved | EID mask-len | EID-AFI | | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec | >> ~ EID-prefix ... ~ | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/ | >> ~ EID HMAC ~ | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <—+ > I think that “rec” is mis-aligned and should be shifted one character > upward. > >> LISP-SEC ECM Authentication Data >> >> AD Type: 1 (LISP-SEC Authentication Data) > This is the first document starting to allocate values to the "AD > Type” value. > Why not asking IANA to create a registry?? > (to be done in the IANA Considerations Section) > > > >> V: Key Version bit. This bit is toggled when the sender switches >> to a new OTK wrapping key >> >> >> >> >> Maino, et al. Expires April 6, 2017 [Page 7] >> >> Internet-Draft LISP-SEC October 2016 >> >> >> Reserved: Set to 0 on transmission and ignored on receipt. >> >> Requested HMAC ID: The HMAC algorithm requested by the ITR. See >> Section 5.4 for details. >> >> OTK Length: The length (in bytes) of the OTK Authentication Data >> (OTK-AD), that contains the OTK Preamble and the OTK. >> >> OTK Encryption ID: The identifier of the key wrapping algorithm >> used to encrypt the One-Time-Key. When a 128-bit OTK is sent >> unencrypted by the Map-Resolver, the OTK Encryption ID is set to >> NULL_KEY_WRAP_128. See Section 5.5 for more details. >> >> One-Time-Key Preamble: set to 0 if the OTK is not encrypted. When >> the OTK is encrypted, this field may carry additional metadata >> resulting from the key wrapping operation. When a 128-bit OTK is >> sent unencrypted by Map-Resolver, the OTK Preamble is set to >> 0x0000000000000000 (64 bits). See Section 5.5 for details. >> >> One-Time-Key: the OTK encrypted (or not) as specified by OTK >> Encryption ID. See Section 5.5 for details. >> >> EID-AD Length: length (in bytes) of the EID Authentication Data >> (EID-AD). The ITR MUST set EID-AD Length to 4 bytes, as it only >> fills the KDF ID field, and all the remaining fields part of the >> EID-AD are not present. An EID-AD MAY contain multiple EID- >> records. Each EID-record is 4-byte long plus the length of the >> AFI-encoded EID-prefix. >> >> KDF ID: Identifier of the Key Derivation Function used to derive >> the MS-OTK. The ITR SHOULD use this field to indicate the >> recommended KDF algorithm, according to local policy. > I am not sure I understand the rationale of this “SHOULD”. If for any > reason the ITR does not indicate the KDF ID what are the consequences? > Is the MS free to choose the algorithm? This should be clarified. > >> The Map- >> Server can overwrite the KDF ID if it does not support the KDF ID >> recommended by the ITR. > What happens if the MS will choose a KDF ID not supported by the ITR? > Can you clarify how to solve this situation or explain why this will > never happen? > >> See Section 5.4 for more details. >> >> Record Count: The number of records in this Map-Request message. >> A record is comprised of the portion of the packet that is labeled >> 'Rec' above and occurs the number of times equal to Record Count. >> >> Reserved: Set to 0 on transmission and ignored on receipt. >> >> EID HMAC ID: Identifier of the HMAC algorithm used to protect the >> integrity of the EID-AD. This field is filled by Map-Server that >> computed the EID-prefix HMAC. See Section 5.4 for more details. >> >> EID mask-len: Mask length for EID-prefix. >> >> EID-AFI: Address family of EID-prefix according to [RFC5226] >> >> >> >> Maino, et al. Expires April 6, 2017 [Page 8] >> >> Internet-Draft LISP-SEC October 2016 >> >> >> EID-prefix: The Map-Server uses this field to specify the EID- >> prefix that the destination ETR is authoritative for, and is the >> longest match for the requested EID. >> >> EID HMAC: HMAC of the EID-AD computed and inserted by Map-Server. >> Before computing the HMAC operation the EID HMAC field MUST be set >> to 0. The HMAC covers the entire EID-AD. >> >> 5.2. Map-Reply LISP-SEC Extensions >> >> LISP-SEC uses the Map-Reply defined in [RFC6830], with Type set to 2, >> and S bit set to 1 to indicate that the Map-Reply message includes >> Authentication Data (AD). The format of the LISP-SEC Map-Reply >> Authentication Data is defined in the following figure. PKT-AD is >> the Packet Authentication Data that covers the Map-Reply payload. >> >> 0 1 2 3 >> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | AD Type | Reserved | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+ >> | EID-AD Length | KDF ID | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | >> | Record Count | Reserved | EID HMAC ID | EID-AD >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\ | >> | Reserved | EID mask-len | EID-AFI | | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec | >> ~ EID-prefix ... ~ | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/ | >> ~ EID HMAC ~ | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+ >> | PKT-AD Length | PKT HMAC ID |\ >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | >> ~ PKT HMAC ~ PKT-AD >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/ >> >> LISP-SEC Map-Reply Authentication Data >> >> AD Type: 1 (LISP-SEC Authentication Data) > Shouldn’t this be a different value? This AD format is different from > the one described in section 5.1! > Another reason to ask IANA for a registry…. > > >> EID-AD Length: length (in bytes) of the EID-AD. An EID-AD MAY >> contain multiple EID-records. Each EID-record is 4-byte long plus >> the length of the AFI-encoded EID-prefix. >> >> KDF ID: Identifier of the Key Derivation Function used to derive >> MS-OTK. See Section 5.7 for more details. >> >> >> >> >> >> Maino, et al. Expires April 6, 2017 [Page 9] >> >> Internet-Draft LISP-SEC October 2016 >> >> >> Record Count: The number of records in this Map-Reply message. A >> record is comprised of the portion of the packet that is labeled >> 'Rec' above and occurs the number of times equal to Record Count. >> >> Reserved: Set to 0 on transmission and ignored on receipt. >> >> EID HMAC ID: Identifier of the HMAC algorithm used to protect the >> integrity of the EID-AD. See Section 5.7 for more details. >> >> EID mask-len: Mask length for EID-prefix. >> >> EID-AFI: Address family of EID-prefix according to [RFC5226]. >> >> EID-prefix: This field contains an EID-prefix that the destination >> ETR is authoritative for, and is the longest match for the >> requested EID. >> >> EID HMAC: HMAC of the EID-AD, as computed by the Map-Server. >> Before computing the HMAC operation the EID HMAC field MUST be set >> to 0. The HMAC covers the entire EID-AD. >> >> PKT-AD Length: length (in bytes) of the Packet Authentication Data >> (PKT-AD). >> >> PKT HMAC ID: Identifier of the HMAC algorithm used to protect the >> integrity of the Map-reply Location Data. > “Location Data” is something nowhere defined. Can you clarify what do > you mean? > > >> PKT HMAC: HMAC of the whole Map-Reply packet, including the LISP- >> SEC Authentication Data. The scope of the authentication goes >> from the Map-Reply Type field to the PKT HMAC field included. >> Before computing the HMAC operation the PKT HMAC field MUST be set >> to 0. See Section 5.8 for more details. >> >> 5.3. Map-Register LISP-SEC Extentions >> >> The second bit after the Type field in a Map-Register message is >> allocated as the S bit. > I would better explain that this document is allocating a bit marked > as reserved in 6830. > Furthermore, at the cost of being redundant, I would put the packet > format highlighting the position of the bit so that there is no > confusion whatsoever. > >> The S bit indicates to the Map-Server that >> the registering ETR is LISP-SEC enabled. An ETR that supports LISP- >> SEC MUST set the S bit in its Map-Register messages. >> >> 5.4. ITR Processing >> >> Upon creating a Map-Request, the ITR generates a random ITR-OTK that >> is stored locally, together with the nonce generated as specified in >> [RFC6830]. >> >> The Map-Request MUST be encapsulated in an ECM, with the S-bit set to >> 1, to indicate the presence of Authentication Data. If the ITR and >> >> >> >> Maino, et al. Expires April 6, 2017 [Page 10] >> >> Internet-Draft LISP-SEC October 2016 >> >> >> the Map-Resolver are configured with a shared key, > In section 4 you seem to suggest that this is not the only way to > protect the OTK (see my comment). > Here instead you suggest that a shared key is the only way. >> the ITR-OTK >> confidentiality SHOULD be protected by wrapping the ITR-OTK with the >> algorithm specified by the OTK Encryption ID field. > Not clear what this “SHOULD” refers to. > IS the SHOULD related to the fact to encrypt the OTK? The ITR SHOULD > encrypt. > Or the choice of the algorithm? The ITR SHOULD use the algorithm > specified by the OTK Encryption ID? > The second case looks impossible since is the ITR is choosing the > algorithm. May be the sentence can be rewritten. > > Similarly to previous comment: Why it is not a MUST? >> See Section 5.5 >> for further details on OTK encryption. >> >> The Requested HMAC ID field contains the suggested HMAC algorithm to >> be used by the Map-Server and the ETR to protect the integrity of the >> ECM Authentication data and of the Map-Reply. >> > What happens if the MS will choose a HMAC not supported by the ETR or > the ITR? > Can you clarify how to solve this situation or explain why this will > never happen? > >> The KDF ID field, specifies the suggested key derivation function to >> be used by the Map-Server to derive the MS-OTK. > > What happens if the MS will choose a KDF ID not supported by the ITR? > Can you clarify how to solve this situation or explain why this will > never happen? > >> The EID-AD length is set to 4 bytes, since the Authentication Data >> does not contain EID-prefix Authentication Data, and the EID-AD >> contains only the KDF ID field. >> >> In response to an encapsulated Map-Request that has the S-bit set, an >> ITR MUST receive a Map-Reply with the S-bit set, that includes an >> EID-AD and a PKT-AD. If the Map-Reply does not include both ADs, the >> ITR MUST discard it. In response to an encapsulated Map-Request with >> S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, and >> the ITR SHOULD discard the Map-Reply if the S-bit is set. > Why a “SHOULD”? If the Map-Request has S-bit=0 it mean that there is > no AD, hence no OTK, how can the ITR decrypt the reply????? > It MUST discard….. > > >> Upon receiving a Map-Reply, the ITR must verify the integrity of both >> the EID-AD and the PKT-AD, and MUST discard the Map-Reply if one of >> the integrity checks fails. >> >> The integrity of the EID-AD is verified using the locally stored ITR- >> OTK to re-compute the HMAC of the EID-AD using the algorithm >> specified in the EID HMAC ID field. If the EID HMAC ID field does >> not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply > Why is this a SHOULD? If it supports the HMAC Algorithm why not > decrypt? Shouldn’t this be a “MAY”, according to internal policy? >> and send, at the first opportunity it needs to, a new Map-Request >> with a different Requested HMAC ID field, according to ITR's local >> policy. The ITR MUST set the EID HMAC ID field to 0 before computing >> the HMAC. > Shouldn’t the MS do the same thing? Otherwise different values will be > obtained. This is not specified in the MS functioning description. > > >> To verify the integrity of the PKT-AD, first the MS-OTK is derived >> from the locally stored ITR-OTK using the algorithm specified in the >> KDF ID field. This is because the PKT-AD is generated by the ETR >> using the MS-OTK. If the KDF ID in the Map-Reply does not match the >> KDF ID requested in the Map-Request, the ITR SHOULD discard the Map- >> Reply and send, at the first opportunity it needs to, a new Map- >> Request with a different KDF ID, according to ITR's local policy. >> The derived MS-OTK is then used to re-compute the HMAC of the PKT-AD >> using the Algorithm specified in the PKT HMAC ID field. If the PKT >> HMAC ID field does not match the Requested HMAC ID the ITR SHOULD >> discard the Map-Reply and send, at the first opportunity it needs to, >> >> >> >> >> Maino, et al. Expires April 6, 2017 [Page 11] >> >> Internet-Draft LISP-SEC October 2016 >> >> >> a new Map-Request with a different Requested HMAC ID according to >> ITR's local policy. >> >> Each individual Map-Reply EID-record is considered valid only if: (1) >> both EID-AD and PKT-AD are valid, and (2) the intersection of the >> EID-prefix in the Map-Reply EID-record with one of the EID-prefixes >> contained in the EID-AD is not empty. After identifying the Map- >> Reply record as valid, the ITR sets the EID-prefix in the Map-Reply >> record to the value of the intersection set computed before, and adds >> the Map-Reply EID-record to its EID-to-RLOC cache, as described in >> [RFC6830]. An example of Map-Reply record validation is provided in >> Section 5.4.1. >> >> The ITR SHOULD send SMR triggered Map-Requests over the mapping >> system in order to receive a secure Map-Reply. > I do not understand this “SHOULD”. This has consequences in the > choice how to react to SMR. This is a local policy. > _If_ the ITR wants to protect Map-Requests using LISP-SEC, than SMR > triggered Map-Request MUST be sent through the mapping system. > > >> If an ITR accepts >> piggybacked Map-Replies, it SHOULD also send a Map-Request over the >> mapping system in order to securely verify the piggybacked Map-Reply. > Same as above. > >> 5.4.1. Map-Reply Record Validation >> >> The payload of a Map-Reply may contain multiple EID-records. The >> whole Map-Reply is signed by the ETR, with the PKT HMAC, to provide >> integrity protection and origin authentication to the EID-prefix >> records claimed by the ETR. The Authentication Data field of a Map- >> Reply may contain multiple EID-records in the EID-AD. The EID-AD is >> signed by the Map-Server, with the EID HMAC, to provide integrity >> protection and origin authentication to the EID-prefix records >> inserted by the Map-Server. >> >> Upon receiving a Map-Reply with the S-bit set, the ITR first checks >> the validity of both the EID HMAC and of the PKT-AD HMAC. If either >> one of the HMACs is not valid, a log message is issued and the Map- >> Reply is not processed any further. > I think “log message" is too much implementation specific. > If there is a notification, and how this notification is done, is > implementation specific IMHO. > >> If both HMACs are valid, the ITR >> proceeds with validating each individual EID-record claimed by the >> ETR by computing the intersection of each one of the EID-prefix >> contained in the payload of the Map-Reply with each one of the EID- >> prefixes contained in the EID-AD. An EID-record is valid only if at >> least one of the intersections is not the empty set. >> >> For instance, the Map-Reply payload contains 3 mapping record EID- >> prefixes: >> >> 1.1.1.0/24 >> >> 1.1.2.0/24 >> >> 1.2.0.0/16 >> >> >> >> >> Maino, et al. Expires April 6, 2017 [Page 12] >> >> Internet-Draft LISP-SEC October 2016 >> >> >> The EID-AD contains two EID-prefixes: >> >> 1.1.2.0/24 >> >> 1.2.3.0/24 >> >> The EID-record with EID-prefix 1.1.1.0/24 is not processed since it >> is not included in any of the EID-ADs signed by the Map-Server. A >> log message is issued. > I think “log message" is too much implementation specific. > If there is a notification, and how this notification is done, is > implementation specific IMHO. > >> The EID-record with EID-prefix 1.1.2.0/24 is stored in the map-cache >> because it matches the second EID-prefix contained in the EID-AD. >> >> The EID-record with EID-prefix 1.2.0.0/16 is not processed since it >> is not included in any of the EID-ADs signed by the Map-Server. A >> log message is issued. > I think “log message" is too much implementation specific. > If there is a notification, and how this notification is done, is > implementation specific IMHO. > >> In this last example the ETR is trying to >> over claim the EID-prefix 1.2.0.0/16, but the Map-Server authorized >> only 1.2.3.0/24, hence the EID-record is discarded. > Reading the example I am not sure I would follow this behaviour. > Only 1 record out of 3 is valid so why should I actually trust the ETR > instead of throwing everything away? > Can you explain ??? > > > >> 5.4.2. PITR Processing >> >> The processing performed by a PITR is equivalent to the processing of >> an ITR. However, if the PITR is directly connected to the ALT, > This would be LISP+ALT. Pleas add a reference to 6836. > >> the >> PITR performs the functions of both the ITR and the Map-Resolver >> forwarding the Map-Request encapsulated in an ECM header that >> includes the Authentication Data fields as described in Section 5.6. >> >> 5.5. Encrypting and Decrypting an OTK >> >> MS-OTK confidentiality is required in the path between the Map-Server >> and the ETR, the MS-OTK SHOULD > If confidentiality is required why there is not a MUST? > >> be encrypted using the preconfigured >> key shared between the Map-Server and the ETR for the purpose of >> securing ETR registration [RFC6833]. Similarly, if ITR-OTK >> confidentiality is required in the path between the ITR and the Map- >> Resolver, the ITR-OTK SHOULD > Again, if confidentiality is required why there is not a MUST? > >> be encrypted with a key shared between >> the ITR and the Map-Resolver. >> >> The OTK is encrypted using the algorithm specified in the OTK >> Encryption ID field. When the AES Key Wrap algorithm is used to >> encrypt a 128-bit OTK, according to [RFC3339], > The correct RFC is 3394. > >> the AES Key Wrap >> Initialization Value MUST be set to 0xA6A6A6A6A6A6A6A6 (64 bits). >> The output of the AES Key Wrap operation is 192-bit long. The most >> significant 64-bit are copied in the One-Time Key Preamble field, >> while the 128 less significant bits are copied in the One-Time Key >> field of the LISP-SEC Authentication Data. >> >> When decrypting an encrypted OTK the receiver MUST verify that the >> Initialization Value resulting from the AES Key Wrap decryption >> >> >> >> Maino, et al. Expires April 6, 2017 [Page 13] >> >> Internet-Draft LISP-SEC October 2016 >> >> >> operation is equal to 0xA6A6A6A6A6A6A6A6. If this verification fails >> the receiver MUST discard the entire message. >> >> When a 128-bit OTK is sent unencrypted the OTK Encryption ID is set >> to NULL_KEY_WRAP_128, and the OTK Preamble is set to >> 0x0000000000000000 (64 bits). >> >> 5.6. Map-Resolver Processing >> >> Upon receiving an encapsulated Map-Request with the S-bit set, the >> Map-Resolver decapsulates the ECM message. The ITR-OTK, if >> encrypted, is decrypted as specified in Section 5.5. >> >> The Map-Resolver, as specified in [RFC6833], originates a new ECM >> header with the S-bit set, that contains the unencrypted ITR-OTK, as >> specified in Section 5.5, and the other data derived from the ECM >> Authentication Data of the received encapsulated Map-Request. > Few points on this last paragraph: > - You assume that there is no need of confidentiality inside the > Mapping System? > - Why not stating that encryption inside the mapping system is mapping > system specify and out of scope of this document? > - Why are you assuming that all of the Mapping system will use ECM? > Future Mapping system may use soemthos different. The important point > is to ship the AD along. >> The Map-Resolver then forwards > to whom? >> the received Map-Request, encapsulated >> in the new ECM header that includes the newly computed Authentication >> Data fields. > As for my comment of the previous paragraph I would be more generic > stating that the MR will hand over the request to the mapping system. > > You can still provide the example of DDT using ECM. > >> 5.7. Map-Server Processing >> >> Upon receiving an ECM encapsulated Map-Request with the S-bit set, >> the Map-Server process the Map-Request according to the value of the >> S-bit contained in the Map-Register sent by the ETR during >> registration. >> >> If the S-bit contained in the Map-Register was clear the Map-Server >> decapsulates the ECM and generates a new ECM encapsulated Map-Request >> that does not contain an ECM Authentication Data, as specified in >> [RFC6830]. The Map-Server does not perform any further LISP-SEC >> processing. > This equivalent to not using LISP-SEC. Please specify that the > Map-Reply will be not protected. > >> If the S-bit contained in the Map-Register was set the Map-Server >> decapsulates the ECM and generates a new ECM Authentication Data. >> The Authentication Data includes the OTK-AD and the EID-AD, that >> contains EID-prefix authorization information, that are ultimately >> sent to the requesting ITR. >> >> The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from >> the ITR-OTK received with the Map-Request. MS-OTK is derived >> applying the key derivation function specified in the KDF ID field. >> If the algorithm specified in the KDF ID field is not supported, the >> Map-Server uses a different algorithm to derive the key and updates >> the KDF ID field accordingly. >> >> >> >> >> Maino, et al. Expires April 6, 2017 [Page 14] >> >> Internet-Draft LISP-SEC October 2016 >> >> >> The Map-Server and the ETR MUST be configured with a shared key for >> mapping registration according to [RFC6833]. If MS-OTK >> confidentiality is required, then the MS-OTK SHOULD be encrypted, > Again, if confidentiality is required why there is not a MUST? >> by >> wrapping the MS-OTK with the algorithm specified by the OTK >> Encryption ID field as specified in Section 5.5. >> >> The Map-Server includes in the EID-AD the longest match registered >> EID-prefix for the destination EID, and an HMAC of this EID-prefix. >> The HMAC is keyed with the ITR-OTK contained in the received ECM >> Authentication Data, and the HMAC algorithm is chosen according to >> the Requested HMAC ID field. If The Map-Server does not support this >> algorithm, the Map-Server uses a different algorithm and specifies it >> in the EID HMAC ID field. The scope of the HMAC operation covers the >> entire EID-AD, from the EID-AD Length field to the EID HMAC field, >> which must be set to 0 before the computation. >> >> The Map-Server then forwards the updated ECM encapsulated Map- >> Request, that contains the OTK-AD, the EID-AD, and the received Map- >> Request to an authoritative ETR as specified in [RFC6830]. >> >> 5.7.1. Map-Server Processing in Proxy mode >> >> If the Map-Server is in proxy mode, it generates a Map-Reply, as >> specified in [RFC6830], with the S-bit set to 1. The Map-Reply >> includes the Authentication Data that contains the EID-AD, computed >> as specified in Section 5.7, as well as the PKT-AD computed as >> specified in Section 5.8. >> >> 5.8. ETR Processing >> >> Upon receiving an ECM encapsulated Map-Request with the S-bit set, >> the ETR decapsulates the ECM message. The OTK field, if encrypted, >> is decrypted as specified in Section 5.5 to obtain the unencrypted >> MS-OTK. >> >> The ETR then generates a Map-Reply as specified in [RFC6830] and >> includes the Authentication Data that contains the EID-AD, as >> received in the encapsulated Map-Request, as well as the PKT-AD. >> >> The EID-AD is copied from the Authentication Data of the received >> encapsulated Map-Request. >> >> The PKT-AD contains the HMAC of the whole Map-Reply packet, keyed >> with the MS-OTK and computed using the HMAC algorithm specified in >> the Requested HMAC ID field of the received encapsulated Map-Request. >> If the ETR does not support the Requested HMAC ID, it uses a >> different algorithm and updates the PKT HMAC ID field accordingly. >> The scope of the HMAC operation covers the entire PKT-AD, from the >> >> >> >> Maino, et al. Expires April 6, 2017 [Page 15] >> >> Internet-Draft LISP-SEC October 2016 >> >> >> Map-Reply Type field to the PKT HMAC field, which must be set to 0 >> before the computation. >> >> Finally the ETR sends the Map-Reply to the requesting ITR as >> specified in [RFC6830]. >> >> 6. Security Considerations >> >> 6.1. Mapping System Security >> >> The LISP-SEC threat model described in Section 3, assumes that the >> LISP Mapping System is working properly and eventually delivers Map- >> Request messages to a Map-Server that is authoritative for the >> requested EID. >> > > As for a previous comment, can you elaborate if OTK confidentiality is > required in the mapping system and what are the consequences? > > >> Map-Register security, including the right for a LISP entity to >> register an EID-prefix or to claim presence at an RLOC, is out of the >> scope of LISP-SEC. >> >> 6.2. Random Number Generation >> >> The ITR-OTK MUST be generated by a properly seeded pseudo-random (or >> strong random) source. See [RFC4086] for advice on generating >> security-sensitive random data >> >> 6.3. Map-Server and ETR Colocation >> >> If the Map-Server and the ETR are colocated, LISP-SEC does not >> provide protection from overclaiming attacks mounted by the ETR. >> However, in this particular case, since the ETR is within the trust >> boundaries of the Map-Server, ETR's overclaiming attacks are not >> included in the threat model. >> >> 7. IANA Considerations > This section is not conform to RFC 5226. > > There right way to go is to ask IANA to create three new registries, > for HMAC, Key Wrap, and Key Derivation functions. > Define what is the allocation process (in light of the size of the > field FCFS should not cause any problem IMHO) > > Then ask to populate the registries as already described. > > >> 7.1. HMAC functions >> >> The following HMAC ID values are defined by this memo for use as >> Requested HMAC ID, EID HMAC ID, and PKT HMAC ID in the LISP-SEC >> Authentication Data: >> >> >> >> >> >> >> >> >> >> >> >> Maino, et al. Expires April 6, 2017 [Page 16] >> >> Internet-Draft LISP-SEC October 2016 >> >> >> Name Number Defined In >> ------------------------------------------------- >> NONE 0 >> AUTH-HMAC-SHA-1-96 1 [RFC2104] >> AUTH-HMAC-SHA-256-128 2 [RFC4634] >> >> values 2-65535 are reserved to IANA. >> >> HMAC Functions >> >> AUTH-HMAC-SHA-1-96 MUST be supported, AUTH-HMAC-SHA-256-128 should be >> supported. >> >> 7.2. Key Wrap Functions >> >> The following OTK Encryption ID values are defined by this memo for >> use as OTK key wrap algorithms ID in the LISP-SEC Authentication >> Data: >> >> Name Number Defined In >> ------------------------------------------------- >> NULL-KEY-WRAP-128 1 >> AES-KEY-WRAP-128 2 [RFC3394] >> >> values 0 and 3-65535 are reserved to IANA. >> >> Key Wrap Functions >> >> NULL-KEY-WRAP-128, and AES-KEY-WRAP-128 MUST be supported. >> >> NULL-KEY-WRAP-128 is used to carry an unencrypted 128-bit OTK, with a >> 64-bit preamble set to 0x0000000000000000 (64 bits). >> >> 7.3. Key Derivation Functions >> >> The following KDF ID values are defined by this memo for use as KDF >> ID in the LISP-SEC Authentication Data: >> >> Name Number Defined In >> ------------------------------------------------- >> NONE 0 >> HKDF-SHA1-128 1 [RFC5869] >> >> values 2-65535 are reserved to IANA. >> >> Key Derivation Functions >> >> HKDF-SHA1-128 MUST be supported >> >> >> >> Maino, et al. Expires April 6, 2017 [Page 17] >> >> Internet-Draft LISP-SEC October 2016 >> >> >> 8. Acknowledgements >> >> The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino >> Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt >> Noll for their valuable suggestions provided during the preparation >> of this document. >> >> 9. Normative References > > > Please Check your reference, this is the output if the nits tool: > > > Checking references for intended status: Experimental > ---------------------------------------------------------------------------- > > == Missing Reference: 'RFC3339' is mentioned on line 602, but not > defined > > == Missing Reference: 'RFC4634' is mentioned on line 752, but not > defined > > ** Obsolete undefined reference: RFC 4634 (Obsoleted by RFC 6234) > >> [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- >> Hashing for Message Authentication", RFC 2104, >> DOI 10.17487/RFC2104, February 1997, >> <http://www.rfc-editor.org/info/rfc2104>. >> >> [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate >> Requirement Levels", BCP 14, RFC 2119, >> DOI 10.17487/RFC2119, March 1997, >> <http://www.rfc-editor.org/info/rfc2119>. >> >> [RFC3394] Schaad, J. and R. Housley, "Advanced Encryption Standard >> (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394, >> September 2002, <http://www.rfc-editor.org/info/rfc3394>. >> >> [RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker, >> "Randomness Requirements for Security", BCP 106, RFC 4086, >> DOI 10.17487/RFC4086, June 2005, >> <http://www.rfc-editor.org/info/rfc4086>. >> >> [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an >> IANA Considerations Section in RFCs", BCP 26, RFC 5226, >> DOI 10.17487/RFC5226, May 2008, >> <http://www.rfc-editor.org/info/rfc5226>. >> >> [RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand >> Key Derivation Function (HKDF)", RFC 5869, >> DOI 10.17487/RFC5869, May 2010, >> <http://www.rfc-editor.org/info/rfc5869>. >> >> [RFC6830] Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The >> Locator/ID Separation Protocol (LISP)", RFC 6830, >> DOI 10.17487/RFC6830, January 2013, >> <http://www.rfc-editor.org/info/rfc6830>. >> >> [RFC6833] Fuller, V. and D. Farinacci, "Locator/ID Separation >> Protocol (LISP) Map-Server Interface", RFC 6833, >> DOI 10.17487/RFC6833, January 2013, >> <http://www.rfc-editor.org/info/rfc6833>. >> >> >> >> >> Maino, et al. Expires April 6, 2017 [Page 18] >> >> Internet-Draft LISP-SEC October 2016 >> >> >> [RFC7835] Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID >> Separation Protocol (LISP) Threat Analysis", RFC 7835, >> DOI 10.17487/RFC7835, April 2016, >> <http://www.rfc-editor.org/info/rfc7835>. >> >> Authors' Addresses >> >> Fabio Maino >> Cisco Systems >> 170 Tasman Drive >> San Jose, California 95134 >> USA >> >> Email:fmaino@cisco.com <mailto:fmaino@cisco.com> >> >> >> Vina Ermagan >> Cisco Systems >> 170 Tasman Drive >> San Jose, California 95134 >> USA >> >> Email:vermagan@cisco.com <mailto:vermagan@cisco.com> >> >> >> Albert Cabellos >> Technical University of Catalonia >> c/ Jordi Girona s/n >> Barcelona 08034 >> Spain >> >> Email:acabello@ac.upc.edu <mailto:acabello@ac.upc.edu> >> >> >> Damien Saucez >> INRIA >> 2004 route des Lucioles - BP 93 >> Sophia Antipolis >> France >> >> Email:damien.saucez@inria.fr <mailto:damien.saucez@inria.fr> >> >> >> >> >> >> >> >> >> >> >> Maino, et al. Expires April 6, 2017 [Page 19] >> >> >> > > > >
- [lisp] LISP-SEC review (finally) Luigi Iannone
- Re: [lisp] LISP-SEC review (finally) Fabio Maino
- Re: [lisp] LISP-SEC review (finally) Fabio Maino
- Re: [lisp] LISP-SEC review (finally) Joel M. Halpern
- Re: [lisp] LISP-SEC review (finally) Fabio Maino
- Re: [lisp] LISP-SEC review (finally) Luigi Iannone
- Re: [lisp] LISP-SEC review (finally) Luigi Iannone
- Re: [lisp] LISP-SEC review (finally) Dino Farinacci
- Re: [lisp] LISP-SEC review (finally) Fabio Maino (fmaino)
- Re: [lisp] LISP-SEC review (finally) Luigi Iannone
- Re: [lisp] LISP-SEC review (finally) Fabio Maino
- Re: [lisp] LISP-SEC review (finally) Fabio Maino
- Re: [lisp] LISP-SEC review (finally) Luigi Iannone
- Re: [lisp] LISP-SEC review (finally) Luigi Iannone
- Re: [lisp] LISP-SEC review (finally) Fabio Maino
- Re: [lisp] LISP-SEC review (finally) Fabio Maino
- Re: [lisp] LISP-SEC review (finally) Luigi Iannone
- Re: [lisp] LISP-SEC review (finally) Fabio Maino
- Re: [lisp] LISP-SEC review (finally) Luigi Iannone