Re: [lisp] Roman Danyliw's No Objection on draft-ietf-lisp-gpe-17: (with COMMENT)

"Fabio Maino (fmaino)" <fmaino@cisco.com> Mon, 27 July 2020 05:20 UTC

From: "Fabio Maino (fmaino)" <fmaino@cisco.com>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-lisp-gpe@ietf.org" <draft-ietf-lisp-gpe@ietf.org>, "lisp-chairs@ietf.org" <lisp-chairs@ietf.org>, "lisp@ietf.org" <lisp@ietf.org>, Luigi Iannone <ggx@gigix.net>
Date: Mon, 27 Jul 2020 05:20:36 +0000
Message-ID: <C06FF727-FA54-4759-8483-179445E19978@cisco.com>
References: <159424608025.11827.15288656141836801569@ietfa.amsl.com>
In-Reply-To: <159424608025.11827.15288656141836801569@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/mk_GUnhZEj1CDd1yD-DsjalTCYk>

Hi Roman, 
Thanks for your review. 

We have added the following sentence at the end of section 4.4: 

   "Refer to Section 7 for consideration about the use of integrity
   protection for deployments, such as the public Internet, concerned
   with on-path attackers."

And changed section 7 into: 

   "LISP-GPE, as many encapsulations that use optional extensions, is
   subject to on-path adversaries that can make arbitrary modifications
   to the packet (including the P-Bit) to change or remove any part of
   the payload, or claim to encapsulate any protocol payload type.
   Typical integrity protection mechanisms (such as IPsec) SHOULD be
   used in combination with LISP-GPE by those protocol extensions that
   want to protect from on-path attackers."

Diffs with rev -18 are attached. 

Thanks,
Fabio


On 7/8/20, 3:08 PM, "Roman Danyliw via Datatracker" <noreply@ietf.org> wrote:

    Roman Danyliw has entered the following ballot position for
    draft-ietf-lisp-gpe-17: No Objection

    When responding, please keep the subject line intact and reply to all
    email addresses included in the To and CC lines. (Feel free to cut this
    introductory paragraph, however.)


    Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
    for more information about IESG DISCUSS and COMMENT positions.


    The document, along with other ballot positions, can be found here:
    https://datatracker.ietf.org/doc/draft-ietf-lisp-gpe/



    ----------------------------------------------------------------------
    COMMENT:
    ----------------------------------------------------------------------

    Section 4.  Per “When a LISP-GPE router performs Ethernet encapsulation, the
    inner header 802.1Q [IEEE.802.1Q_2014] VLAN Identifier (VID) MAY be mapped to,
    or used to determine the LISP Instance IDentifier (IID) field”, as noted in a
    DISCUSS item in my ballot on draft-ietf-lisp-rfc6830bis-32, using Instance ID
    values as 802.1Q tags without integrity protection seems problematic in the
    public internet scenario.  Please add cautionary language recommending
    integrity protection.


    Section 7.  Per “LISP-GPE, as many encapsulations that use optional extensions,
    is subject to on-path adversaries that by manipulating the P-Bit and the packet
    itself can remove part of the payload or claim to encapsulate any protocol
    payload type”, it’s worse than that – (in the absence of integrity protection
    and like LISP in general) an on-path attacker make arbitrary modifications to
    the packet (like a 802.1Q tag in the encapsulated ethernet; or the Instance ID
    using an 802.1.Q tag)
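As an added illustration (not text or code from the draft or from this thread) of why the revised Section 7 text calls for integrity protection: a small Python model of the LISP-GPE header, alongside a decapsulator that checks an HMAC-SHA256 tag over header and payload as a stand-in for the IPsec the draft recommends. The flag layout (P is bit 5 of the first byte; Next Protocol occupies the low 8 bits of the second word when P is set) follows the LISP-GPE specification; the key, header values and payload bytes are constructed for the demo.

```python
import hmac
import hashlib
import struct

# LISP-GPE flag bits in the first header byte (N L E V I P R KK).
FLAG_I = 0x08          # Instance ID present in the second 32-bit word
FLAG_P = 0x04          # Next Protocol field present (the LISP-GPE P-bit)
NEXT_PROTO = {0x01: "IPv4", 0x02: "IPv6", 0x03: "Ethernet", 0x04: "NSH"}
TAG_LEN = 32           # HMAC-SHA256 tag appended to the encapsulated packet

def build_header(flags: int, iid: int, next_proto: int) -> bytes:
    """8-byte LISP-GPE header; the N/V-dependent 24 bits of word 1 are left zero."""
    return bytes([flags, 0, 0, 0]) + struct.pack("!I", (iid << 8) | next_proto)

def parse_header(hdr: bytes) -> dict:
    """Interpret the header the way an unprotected decapsulator would."""
    flags, word2 = hdr[0], struct.unpack("!I", hdr[4:8])[0]
    out = {"P": bool(flags & FLAG_P), "I": bool(flags & FLAG_I)}
    if out["I"]:
        out["iid"] = word2 >> 8                    # 24-bit Instance ID
    if out["P"]:
        out["next_proto"] = NEXT_PROTO.get(word2 & 0xFF, "unassigned")
    return out

def protect(key: bytes, pkt: bytes) -> bytes:
    """Append an integrity tag covering header and payload (stand-in for IPsec)."""
    return pkt + hmac.new(key, pkt, hashlib.sha256).digest()

def decapsulate(key: bytes, pkt: bytes):
    """Verify the tag before trusting any header bit; None means 'drop'."""
    body, tag = pkt[:-TAG_LEN], pkt[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        return None
    return parse_header(body[:8]), body[8:]

def demo() -> dict:
    key = b"constructed-demo-key"                    # constructed, not a deployment key
    hdr = build_header(FLAG_I | FLAG_P, 100, 0x03)   # IID 100, Ethernet payload
    payload = b"\xde\xad\xbe\xef"                    # constructed stand-in for a frame
    pkt = protect(key, hdr + payload)
    # Two on-path modifications from the Section 7 text: byte 7 rewritten so the
    # same payload is claimed as IPv4, and the P-bit cleared so the Next Protocol
    # field disappears. Unprotected, both parse cleanly; with the tag, both drop.
    reclaimed = bytearray(pkt); reclaimed[7] = 0x01
    p_cleared = bytearray(pkt); p_cleared[0] &= 0xFF ^ FLAG_P
    return {
        "genuine": decapsulate(key, pkt)[0],
        "reclaimed_unprotected": parse_header(bytes(reclaimed[:8])),
        "p_cleared_unprotected": parse_header(bytes(p_cleared[:8])),
        "reclaimed_protected": decapsulate(key, bytes(reclaimed)),
        "p_cleared_protected": decapsulate(key, bytes(p_cleared)),
    }
```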