Re: [lisp] Secdir last call review of draft-ietf-lisp-rfc6830bis-15

"BRUNGARD, DEBORAH A" <> Tue, 11 September 2018 21:56 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id DCDB5130F39; Tue, 11 Sep 2018 14:56:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id EaRWa5dsPOMN; Tue, 11 Sep 2018 14:56:04 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id BD0B9130F1F; Tue, 11 Sep 2018 14:56:04 -0700 (PDT)
Received: from pps.filterd ( []) by ( with SMTP id w8BLkKar031045; Tue, 11 Sep 2018 17:56:03 -0400
Received: from ( []) by with ESMTP id 2memkgb9gp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 11 Sep 2018 17:56:02 -0400
Received: from (localhost []) by (8.14.5/8.14.5) with ESMTP id w8BLu1ft015276; Tue, 11 Sep 2018 17:56:01 -0400
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id w8BLtstJ015182; Tue, 11 Sep 2018 17:55:54 -0400
Received: from ( []) by (Service) with ESMTP id C982640F6CEA; Tue, 11 Sep 2018 21:55:54 +0000 (GMT)
Received: from (unknown []) by (Service) with ESMTPS id B5A2840F6CE9; Tue, 11 Sep 2018 21:55:54 +0000 (GMT)
Received: from ([]) by ([]) with mapi id 14.03.0415.000; Tue, 11 Sep 2018 17:55:53 -0400
To: Dino Farinacci <>, Kyle Rose <>
CC: IETF SecDir <>, "" <>, IETF Discussion Mailing List <>, " list" <>, Benjamin Kaduk <>, =?utf-8?B?TWlyamEgS8O8aGxld2luZA==?= <>
Thread-Topic: Secdir last call review of draft-ietf-lisp-rfc6830bis-15
Date: Tue, 11 Sep 2018 21:55:53 +0000
Message-ID: <>
References: <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-09-11_11:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1809110214
Archived-At: <>
Subject: Re: [lisp] Secdir last call review of draft-ietf-lisp-rfc6830bis-15
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 11 Sep 2018 21:56:07 -0000

Thanks much Kyle for your comments and Dino for resolving!

Cutting to the end where Dino asked for help-

-----Original Message-----
From: Dino Farinacci <> 
Sent: Tuesday, September 11, 2018 2:40 PM
To: Kyle Rose <>
Cc: IETF SecDir <>rg>;; IETF Discussion Mailing List <>rg>; list <>rg>; Benjamin Kaduk <>du>; Mirja Kühlewind <>
Subject: Re: Secdir last call review of draft-ietf-lisp-rfc6830bis-15

> What I might recommend is either an augmentation of, or a new document analogous to (and informationally referencing), draft-ietf-lisp-introduction that covers the expected security properties of the overall design and the requirements for each of the subcomponents in a way that someone can understand without referring to any document other than the high-level architecture itself. draft-ietf-lisp-introduction is actually quite good at getting the general point of LISP across to someone new; I want to see something similar for LISP's security model. I think that's going to be better than inserting clarifying text here or there. I've actually read enough of this stuff at this point that I'm not sure I can enumerate exactly what's missing where. The threat model document could potentially be folded into that, but it has to start by painting a picture of the security that someone new to LISP can quickly understand.

I’ll yield to the WG to respond to this.



It's difficult to do *one* overview document on an evolving technology, especially if the intention is to provide reference to other documents which are also evolving. Lisp-intro is already having its problems and it is not published yet.

As Mark Nottingham noted in his "How to Read an RFC" blog, when reading RFCs, for better or worse and the resulting frustration, it is "necessary to read not only the relevant text but also anything that it references":

I'd suggest a wiki would be a better tool to capture this "overview" informational material. Not only can the format be easier on the eye, it can be a shared effort and timely updated. Similar to Benoit's work on his YANG tree dependencies, it would be helpful if a working group provided a working group tree of documents and it could even reference other working group documents.