Re: [lisp] Fwd: decentralization of Internet (was Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Edward Lopez <elopez@fortinet.com> Sun, 08 September 2013 15:04 UTC

From: Edward Lopez <elopez@fortinet.com>
To: Noel Chiappa <jnc@mercury.lcs.mit.edu>
Date: Sun, 08 Sep 2013 15:04:44 +0000
Message-ID: <281739A7-17F1-494A-8667-94C3F258C072@fortinet.com>
References: <20130908140433.D217D18C0CE@mercury.lcs.mit.edu>
In-Reply-To: <20130908140433.D217D18C0CE@mercury.lcs.mit.edu>
Cc: "lisp@ietf.org" <lisp@ietf.org>, "jnc@mercury.lcs.mit.edu" <jnc@mercury.lcs.mit.edu>
Subject: Re: [lisp] Fwd: decentralization of Internet (was Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Key generation/management/distribution would be the real difficulty.  It would be desirable to use symmetric encryption (Ex. AES256) to encrypt LISP payloads.  Therefore, we use certs & asymmetric encryption (some form of ECC) at the time of xTR registration to provide a method to distribute keys to authenticated site members.

Another consideration is to encrypt just the EID header, and have EIDs use IPsec (thus LISP would in effect encrypt the outer IPsec ESP header).  Someone in the RLOC space would then require two keys to decrypt the message fully, and the encryption load would be distributed between EIDs and xTRs.

Ed Lopez

Sent from my iPhone ... Sorry for any auto-correct errors

On Sep 8, 2013, at 10:04 AM, "Noel Chiappa" <jnc@mercury.lcs.mit.edu> wrote:

>> From: Marc Binderberger <marc@sniff.de>
> 
>> Lisp is separating Identity from Location but this doesn't mean the
>> RLOC can not be used to identify you. In case of static setups this is
>> obvious, take the RLOC, go to the ISP, get the (physical) address and
>> name.
> 
> Err, that would get the address and name of the ITR, not the actual source
> host.
> 
> Depending on all sorts of factors, that plus the encrypted packet _might_ get
> them the identity of the actual originator (not, for example, if the ITR has
> discarded the key used to encrypt the packet by the time the subpoena
> arrives...)
> 
>    Noel

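As an added example (not code from this thread or from any LISP implementation), the registration-time key distribution Ed sketches, modelled in Go with only the standard library: the map server checks the xTR's signature against the key from its enrolled cert, and only then wraps the site-wide AES-256 payload key to that xTR under an ECDH-agreed key. The function names, the X25519/Ed25519 choice and the labelled-hash KDF are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Key is an AES-256 key; the fixed size means aes.NewCipher cannot fail.
type Key [32]byte

func gcm(k Key) cipher.AEAD {
	block, _ := aes.NewCipher(k[:])
	g, _ := cipher.NewGCM(block)
	return g
}

// Seal encrypts with AES-256-GCM (the symmetric payload cipher proposed above) and prefixes a fresh nonce.
func Seal(k Key, plaintext []byte) ([]byte, error) {
	g := gcm(k)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, nil), nil
}

// WrapKey derives a one-off key from an ECDH shared secret (labelled SHA-256,
// an assumed simplification of a real KDF such as HKDF).
func WrapKey(shared []byte) Key {
	return Key(sha256.Sum256(append([]byte("lisp-site-key-wrap|"), shared...)))
}

// Register is the map-server side of xTR registration (hypothetical API). The xTR's
// ephemeral ECDH key must be signed by the key in its enrolled cert (certPub); only
// then is the site key wrapped to it under the secret agreed with the server's ECC key.
func Register(srv *ecdh.PrivateKey, certPub ed25519.PublicKey, xtrPub *ecdh.PublicKey, sig []byte, site Key) ([]byte, error) {
	if !ed25519.Verify(certPub, xtrPub.Bytes(), sig) {
		return nil, errors.New("registration rejected: unauthenticated xTR")
	}
	shared, err := srv.ECDH(xtrPub)
	if err != nil {
		return nil, err
	}
	return Seal(WrapKey(shared), site[:])
}
```

The xTR recovers the site key by computing the same ECDH secret and opening the wrapped blob with gcm(WrapKey(shared)); applying Seal twice (an ESP-like inner layer, then the site key) models the two-key arrangement from the second paragraph, where the site key alone only peels back to the inner ciphertext.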