Re: [lisp] Last Call SECDIR Review of draft-ietf-lisp-6834bis-11
Donald Eastlake <d3e3e3@gmail.com> Thu, 02 June 2022 19:31 UTC
Return-Path: <d3e3e3@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 043D1C14F74F; Thu, 2 Jun 2022 12:31:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.857
X-Spam-Level:
X-Spam-Status: No, score=-1.857 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4x-1-ZWRmECP; Thu, 2 Jun 2022 12:31:17 -0700 (PDT)
Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 510D8C14F74C; Thu, 2 Jun 2022 12:31:17 -0700 (PDT)
Received: by mail-lf1-x131.google.com with SMTP id a2so9355193lfc.2; Thu, 02 Jun 2022 12:31:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=drK+d8d+qoQeyAXllCX2d4GsyJruXf9iMbVx4//mMHk=; b=ZLWltiQ0cQWXjQAUVR/oKRgebXwPdM78NSjZ2XvOZ4hWYE/eIxuLz1Si9M/F2xIxUg rEIS4QVTGkN9R1px3qe5au9rk5Y8tnsQ6OF5X66luCG3QGFgojSyT3vZvHnQyBch5eOO mzn5nCX89eLTjag7gYyju0LdZT78vWfWY8nI4Cym5wro4pJxA1AinCQtd0mecHUkOx+s zXC9s/Q0QkA/PPoC14IPFFa4uNaXxPmBqXSTMB8YDezT5uK60IdbHYXqGlWVF6U+/CYZ j2S7CVeGIJQi7jO4rYzQhFhyjSZsbmyamAsuOQDtk+Ve2TfVjmiTqBeam7IK7wUnMsZD H3nQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=drK+d8d+qoQeyAXllCX2d4GsyJruXf9iMbVx4//mMHk=; b=lP3Oqk+BdySBRm5XtT+5RlRTKw0HO+BfI4w+JdlwdptMgcED7ZamEjiYNBfUAEaTX7 XQnQ5ZLCUM61OFpUxev+flQJpUKGaNLTuo0QHX6TzRBnINYz0+H+meEVwLNIWFLchLEX BfNcuIDSA4pRbjQVE51T1V2d4/tLggkeIPpzecqfX84vDS/9hLtIQ/vtQU579P2ZIpkd s1NOUIrclsOri9Z+szt66wB7l9PutWeC19e6ajojEcqCbeP/JW9rHd6yuf/kj0Efbp9V A7cbIMvLN5z7rbvmjS4LHFtW5y8CcX2ehPDmCjgiq4y3xhDb0W+Rafw8HyLv5xDvUcBL 7jRQ==
X-Gm-Message-State: AOAM532jz7jXXSsTTCNCISjzv4ODgVPHoYjh+2hXZuOLIZwEdvAqpHUn 20I9TIb74gfgglDyU40Pw9pCb7BbDQpJGluVPQW/C7JI
X-Google-Smtp-Source: ABdhPJxUJrmsCwM5vmFZalsc+AbXfYdQpqMJhqEoRdWsULUUPU032mkxI5J0zw9LwJhoy/J0dQgQ9VwrMXIU4740AAs=
X-Received: by 2002:a05:6512:1148:b0:478:98b7:c86e with SMTP id m8-20020a056512114800b0047898b7c86emr4462902lfg.338.1654198274514; Thu, 02 Jun 2022 12:31:14 -0700 (PDT)
MIME-Version: 1.0
References: <CAF4+nEE0UrAhSkUzbWbaoZKvHE_LFs6zmbda3nie=M-EN-XDeg@mail.gmail.com> <542A2E95-C536-43A3-B500-A85D76A62579@gigix.net> <CAF4+nEFHzKCgLBWMT2-WTO0T0vgxpYV1bndsz4HofNKvpYt-2w@mail.gmail.com> <D37B519F-D27B-4584-ADF9-3414968E657A@gigix.net> <B6EE0E97-7590-4355-9E66-28F22958B720@gigix.net> <CAF4+nEEHBpqoBxQT57MqykPunB7gjDOUsYQx4uxnXpPsyFzJkQ@mail.gmail.com> <19C59B81-0A88-4074-B6FD-7F8890390621@gigix.net>
In-Reply-To: <19C59B81-0A88-4074-B6FD-7F8890390621@gigix.net>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Thu, 02 Jun 2022 15:31:03 -0400
Message-ID: <CAF4+nEHk6U5ejTGvj6k8tex86-kYHtAeM-aQY9OuxPCeEKx2VA@mail.gmail.com>
To: Luigi Iannone <ggx@gigix.net>
Cc: "iesg@ietf.org" <iesg@ietf.org>, secdir <secdir@ietf.org>, Last Call <last-call@ietf.org>, draft-ietf-lisp-6834bis.all@ietf.org, "lisp@ietf.org list" <lisp@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008a630d05e07c0cbf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/lkHnuv-tOUjaUgIuHu_ACc1yLfM>
Subject: Re: [lisp] Last Call SECDIR Review of draft-ietf-lisp-6834bis-11
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jun 2022 19:31:22 -0000
Hi Luigi, Thanks for all the changes. It looks acceptable to me now. Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 2386 Panoramic Circle, Apopka, FL 32703 USA d3e3e3@gmail.com On Thu, Jun 2, 2022 at 8:29 AM Luigi Iannone <ggx@gigix.net> wrote: > Thanks Donald > > Revision -13 includes the text suggested by Alvaro and the fix in section > A.3 > > Ciao > > L. > > On 2 Jun 2022, at 04:49, Donald Eastlake <d3e3e3@gmail.com> wrote: > > Hi Luigi, > > I think -12 is pretty good. The change suggested by Alvaro should be > included. And I think the last sentence in Section A.3 in -12 should > probably be a separate paragraph and the start should be "Note that ..." > rather than "To be noted that ...". With those changes, I am OK with the > draft. > > Thanks, > Donald > =============================== > Donald E. Eastlake 3rd +1-508-333-2270 (cell) > 2386 Panoramic Circle, Apopka, FL 32703 USA > d3e3e3@gmail.com > > > On Wed, Jun 1, 2022 at 8:16 AM Luigi Iannone <ggx@gigix.net> wrote: > >> Hi Donald, >> >> A new revision of the drafts has been submitted. >> Here is the link to the rfcdiff: >> https://www.ietf.org/rfcdiff?url2=draft-ietf-lisp-6834bis-12.txt >> >> Let me know if this revision does not address your concerns. >> >> Thanks >> >> Ciao >> >> L. >> >> On 1 Jun 2022, at 10:45, Luigi Iannone <ggx@gigix.net> wrote: >> >> >> >> On 1 Jun 2022, at 05:29, Donald Eastlake <d3e3e3@gmail.com> wrote: >> >> See below at <de> >> >> On Mon, May 30, 2022 at 9:32 AM Luigi Iannone <ggx@gigix.net> wrote: >> >>> Hi Donald, >>> >>> Thank you very much for your review. >>> I take this last updated review and provide some answers inline. >>> >>> On 30 May 2022, at 04:35, Donald Eastlake <d3e3e3@gmail.com> wrote: >>> >>> I have updated my review of the -10 version for -11 below. >>> Comments/suggestions that I do not comment on still apply. >>> >>> On Wed, May 25, 2022 at 3:41 PM Donald Eastlake <d3e3e3@gmail.com> >>> wrote: >>> >>> >>> I have reviewed this document as part of the security directorate's >>> ongoing effort to review all IETF documents being processed by the IESG. >>> Document editors and WG chairs should treat these comments just like any >>> other last call comments. Sorry this is a bit late. >>> >>> >>> The summary of the review is Ready with Issues. >>> >>> >>> Well, minor issues... >>> >>> ... >>> >>> SECURITY >>> >>> This draft appears to completely ignore the issue of Map Version Number >>> advancing so far so quickly that an old version number is encountered that >>> appears to be newer than or equal to the current version number. Why can't >>> this happen? Or if it can, why doesn't that hurt? >>> >>> This is more of an operational point. If you update a mapping, the best >>> would be to give sufficient time so that everybody updates and there is no >>> such a risk. >>> What about adding in section 7 “dealing with Map-Version Numbers” the >>> following sentence. >>> >>> It is an operational question to make sure that Map-Version numbers are >>> not updated so frequently as to create the risk that very old version >>> numbers appear newer (because of the circular space). >>> >>> Would that address your issue? >>> >> >> <de> Not really. (1) I think the document needs to say what happens if >> the numbers wrap around and overlap. (2) Assuming the answer to 1 is as bad >> as I think, then it is not "an operational question" to avoid this but >> rather "an operational requirement". That is, there should be a statement >> something like "Map Version Number incrementing and TTL MUST be managed so >> that an old Version Numbers will not be confused as a new Version Number. >> >> >> This last sentence is great. I will put it in section 7. >> >> >> >> Section 8, last paragraph: Says Map-Versioning can only be used in >>> trusted, closed environments but Section 7.1 and 7.2 seem to talk about >>> what to do about the Map-Version field without any reference to this, but >>> mentioning private deployments for certain error conditions. For example, >>> Section 7.2 point 3 says to discard a packet on an erroneous Map-Version >>> value except perhaps in some private deployments. But if you MUST NOT use >>> Map-Versioning on the open internet, shouldn't it be required to discard >>> all LISP encapsulated packets with Map-Version numbering if received over >>> the public Internet? >>> >>> Actually section 7.1 reads: >>> >>> Operators can configure exceptions to this >>> recommendation, which are outside the scope of this document. >>> >>> >>> We should have done the same for 7.2, will do in a revision. >>> >> <de> Well, adding that to Section 7.2 would help. But the problem is the >> following sentence in Section 8: >> >> Map-Versioning MUST NOT be used over the public Internet and SHOULD >> only be used in trusted and closed deployments. >> >> >> It seems to me that sentence says you can only use Map-Versioning in a >> private network and that private network SHOULD be trusted. So I guess it >> allows use in an untrusted private network... Is that what you want to say? >> >> >> This is similar to the comment made by Paul. >> His suggestion is to change the SHOULD in a MUST. Would this work for you >> as well? >> >> >> >> >>> Otherwise, the Security Considerations seem adequate although I think >>> the 1st and 2nd paragraphs of Section 8 should be swapped. >>> >>> Yes, it may read better. Will be swapped in the next revision. >>> >>> OTHER ISSUES >>> >>> Section 6, right after equation 3: Isn't "(69 + 4096) mod 4096" the same >>> as "69"? And isn't 69 equal to 69, not less than 69? Shouldn't it say >>> "Map-Version numbers in the range [69 + 2049; 68] are smaller than 69"? Or >>> actually "in the ranges [69 + 2049; 4095] and [1;68] are smaller than 69"? >>> >>> Wonderful catch. Should be >>> [69 + 2049; (69 + 4095) mod 4096] >>> >>> >>> Will fix. >>> >>> Section A.3: How is it possible to tell that no more traffic will be >>> received? Should this instead be something like wait the TTL of the >>> mappings to that RLOC plus estimated transit time and some margin for >>> safety? >>> >>> Absolutely right, the sentence should be: >>> >>> Upon updating the mapping, the RLOC will receive the less and less >>> >>> traffic because remote LISP sites will get the updated mapping. >>> >>> At least one TTL after the mapping was updated, it could be >>> >>> considered safe to shut down the RLOC gracefully, because all >>> >>> sites actively using the mapping should have updated >>> >>> it. >>> >>> >>> Sounds better? >>> >> >> <de> Yes, that's better. But I would suggest alternate wording such as >> the following: >> >> "Upon updating the mapping, the RLOC will receive less and less >> >> traffic because remote LISP sites will request the updated >> >> mapping and see that it is disabled. At least one TTL, plus a >> >> little time for traffic transit, after the mapping is updated, >> >> it should be safe to shut down the RLOC gracefully, because >> >> all sites actively using the mapping should have been updated." >> >> >> Thanks a lot, it reads much better. >> >> >> TYPOS/MINOR >>> >>> Should the document say anything about mapping changes possibly causing >>> re-ordering? >>> >>> Not sure what do you mean by “re-ordering”, can you articulate? >>> >> >> <de> I was thinking about adding one sentence somewhere something like >> the following: >> "A change in map version resulting in a change in ETR for a flow can >> result in the re-ordering of the packet in the flow just as any other >> routing change could cause re-ordering." >> >> >> Yes, that is again absolutely correct. I will add the sentence. >> >> >> Section 1: I think the following should end with "ITR": "If this is not >>> the case, the ETR can directly send a Map-Request containing the updated >>> mapping to the ETR," >>> >>> >>> Above fixed in -11. >>> >>> Section 7.2, first sentence just after point 3: Suggest using "MAY" in >>> "may be more restrictive." >>> >>> >>> Will be changed in the next revision. >>> >>> Section A.2.3: "provider edge" pops up here with no other mention or >>> explanation anywhere in the draft. >>> >>> >>> Either drop the term or provide some sort of definition/explanation. >>> >>> >>> Provider edge should actually be just “domain" >>> >> >> <de> OK. >> >>> Section A.2.3: The last two sentences sound like they contradict each >>> other. I assume the last sentence is refering to change in the Source >>> mapping. Suggest "the mapping" -> "the Source mapping". >>> >>> >>> Yes, is >>> >>> With this setup, the Proxy-ETR, by looking at the Source Map-Version Number, >>> >>> is able to check whether the mapping has changed. >>> >>> >> <de> OK. >> >>> EDITORIAL >>> >>> Section 1: "This operation is two-fold." -> "This information has two >>> uses." >>> >>> New Section 6: "... MUST consist in an increment ..." -> "... MUST >>> consist of an increment ..." >>> >>> New Section A.2.3: "uRPF" is used only once so the acronym should be >>> dropped and only the expansion used. >>> >>> Will update as suggested in the next revision. >>> >> >> <de> OK. >> >> >> Thanks again for the feedback. >> >> Ciao >> >> L. >> >> >> >> >> <de> Thanks, >> Donald >> =============================== >> Donald E. Eastlake 3rd +1-508-333-2270 (cell) >> 2386 Panoramic Circle, Apopka, FL 32703 USA >> d3e3e3@gmail.com >> >> Thanks again for the review. >>> Let me know if the proposed changes address your comments. >>> >>> Ciao >>> >>> L. >>> >>> >>> >>> >>> >>> Thanks, >>> Donald >>> =============================== >>> Donald E. Eastlake 3rd +1-508-333-2270 (cell) >>> 2386 Panoramic Circle, Apopka, FL 32703 USA >>> d3e3e3@gmail.com >>> >>> >> >
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Luigi Iannone
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Donald Eastlake
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Luigi Iannone
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Luigi Iannone
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Alvaro Retana
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Luigi Iannone
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Luigi Iannone
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Alvaro Retana
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Donald Eastlake
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Donald Eastlake
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Luigi Iannone
- Re: [lisp] Last Call SECDIR Review of draft-ietf-… Donald Eastlake