Re: [lisp] Restarting last call on LISP threats

Ronald Bonica <rbonica@juniper.net> Thu, 15 May 2014 18:15 UTC

From: Ronald Bonica <rbonica@juniper.net>
To: "Joel M. Halpern" <jmh@joelhalpern.com>, Roger Jørgensen <rogerj@gmail.com>, Ross Callon <rcallon@juniper.net>
Date: Thu, 15 May 2014 18:15:39 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/lisp/gFivDkL2sZ17Ov9MlTURFtrq0K4
Cc: "lisp@ietf.org" <lisp@ietf.org>

Joel,

The threats document should not depend on lisp-sec or lisp-crypto. However, Roger's response did rely on those documents (see his response, below). 

So, we are left to explore whether something was omitted from the threats document. Stand by for my response to Roger.

                                                                        Ron



> -----Original Message-----
> From: Joel M. Halpern [mailto:jmh@joelhalpern.com]
> Sent: Tuesday, May 13, 2014 5:57 PM
> To: Ronald Bonica; Roger Jørgensen; Ross Callon
> Cc: lisp@ietf.org
> Subject: Re: [lisp] Restarting last call on LISP threats
> 
> Ron, I am having trouble with the question.
> 
> The threats document describes the threats as they exist today, without the
> adoption of either document that Roger pointed to.  Thus, I do not see any
> dependence.
> 
> If there is a threat that is not well described in the base spec or this
> document, then we should add it.  We should add it even if there are
> proposals to remediate it.  But if there is a clear proposal of a missing threat, I
> missed it.
> 
> Yours,
> Joel
> 
> On 5/13/14, 1:31 PM, Ronald Bonica wrote:
> > Hi Roger,
> >
> > Or asked more explicitly, can the level of security claimed by the threats
> > document be achieved without implementing the protocol extensions
> > described in lisp-sec and lisp-crypto?
> >
> >                                                            Ron
> >
> >
> >> -----Original Message-----
> >> From: Ronald Bonica
> >> Sent: Tuesday, May 13, 2014 1:22 PM
> >> To: 'Roger Jørgensen'; Ross Callon
> >> Cc: lisp@ietf.org
> >> Subject: RE: [lisp] Restarting last call on LISP threats
> >>
> >> Hi Roger,
> >>
> >> Can this draft stand on its own, without integrating content from the
> >> documents that you reference?
> >>
> >>
> >> Ron
> >>
> >>>
> >>> There exist two drafts that are relevant to what you address.
> >>>
> >>> You have
> >>> https://datatracker.ietf.org/doc/draft-farinacci-lisp-crypto/
> >>> where the payload of a LISP encapsulated packet is encrypted. None
> >>> of the keys for encrypting/decrypting are stored in the mapping
> >>> system but are calculated by the xTRs involved.
> >>> Then you have https://datatracker.ietf.org/doc/draft-ietf-lisp-sec/
> >>> that attempts to secure the xTR to xTR relationship.
> >>>