Re: [lisp] Spencer Dawkins' No Objection on draft-ietf-lisp-impact-04: (with COMMENT)
Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Thu, 22 October 2015 12:11 UTC
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0BB01A9100; Thu, 22 Oct 2015 05:11:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6B4HBZb1sFvk; Thu, 22 Oct 2015 05:11:28 -0700 (PDT)
Received: from mail-vk0-x241.google.com (mail-vk0-x241.google.com [IPv6:2607:f8b0:400c:c05::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B72581B2CB6; Thu, 22 Oct 2015 05:11:28 -0700 (PDT)
Received: by vkfw189 with SMTP id w189so3979346vkf.3; Thu, 22 Oct 2015 05:11:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=kOuM2xJ3kxp39BC/LVMnGoDM7noiBw+MvcGD/7SImQk=; b=EvbjOXkVuuJ5YSA9+aV5lPWu9+CFzYnh4R8buDOT3q6f7tg1BbZbIHi0CsSPCo1EbL rsnvXjagPV4c6tv3tpgJvvWy6j8LxG1kz2VS1SQmBdMFrUxemDQ400uu2rz2dsqHlIxE vIZN2sHgRytxpq6z7NYE205ePS1yZuQX/HcpkzGR4BODXJwi9EwpZRUR+t8EfNkrgW8X TC5EwAVyAgNmaQHJaXqdjjYdVfoyndYWv51UJD2NCdWQ3y9fsom7gVGoSp2gTA7oH8D7 gHx7AIuWw2xwIXFqfqBIePom8dpkRlcsDKwlWk93RGDbM/we1+cqSqNpzi7cSS3OpBgC R5yQ==
MIME-Version: 1.0
X-Received: by 10.31.8.21 with SMTP id 21mr8974113vki.82.1445515887866; Thu, 22 Oct 2015 05:11:27 -0700 (PDT)
Received: by 10.31.54.8 with HTTP; Thu, 22 Oct 2015 05:11:27 -0700 (PDT)
In-Reply-To: <FB8ECFEA-6E9B-4D05-8CE9-A7D5E6078737@gigix.net>
References: <20151021164242.13296.32356.idtracker@ietfa.amsl.com> <FB8ECFEA-6E9B-4D05-8CE9-A7D5E6078737@gigix.net>
Date: Thu, 22 Oct 2015 07:11:27 -0500
Message-ID: <CAKKJt-cUeK7uZNRVULys1JVtRWwvhEnBRpFxkmaf0TFHrh8NcA@mail.gmail.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
To: Luigi Iannone <ggx@gigix.net>
Content-Type: multipart/alternative; boundary="001a114413a2037ce20522b06544"
Archived-At: <http://mailarchive.ietf.org/arch/msg/lisp/qIp8gRn6F5zL-_m8I4f0TylKqu8>
Cc: lisp-chairs@ietf.org, "lisp@ietf.org" <lisp@ietf.org>, draft-ietf-lisp-impact.all@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-lisp-impact@ietf.org
Subject: Re: [lisp] Spencer Dawkins' No Objection on draft-ietf-lisp-impact-04: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Oct 2015 12:11:30 -0000
Hi, Luigi, On Thu, Oct 22, 2015 at 4:21 AM, Luigi Iannone <ggx@gigix.net> wrote: > Hi Spencer, > > > > On 21 Oct 2015, at 18:42, Spencer Dawkins <spencerdawkins.ietf@gmail.com> > wrote: > > > > [snip] > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > "RLOC" is spelled out on second use, but not on first use. > > > > Thanks for pointing this out. We have to fix this and a few other acronyms > that we use first and define later. > > > > "Addresses are semantically separated in two:" was a bit rough for me. > > Perhaps something like "Addresses have two components with different > > semantic meanings:”? > > I fear it could be misinterpreted. Is not the address that has two > “components”, is the addressing space that is split in two semantically > different sub spaces. > > What is we out the following text: > > “Addresses are separated in two sets that have different semantics > meanings” > > Would that work? > Ah, I see - you weren't making the point I thought you were making. Your explanation was actually better than your proposed text, because it said "address SPACE", not just addresses. Perhaps "The address space is divided into two sets that have different semantic meanings"? > > > > > In this text: > > > > Middle boxes/filters: because of encapsulation, the middle boxes may > > not understand the traffic, which can cause a firewall to drop > > legitimate packets. In addition, LISP allows triangular or > > even rectangular routing, so it is difficult to maintain a > > correct state even if the middle box understands LISP. > > Finally, filtering may also have problems because they may > > think only one host is generating the traffic (the ITR), as > > long as it is not de-encapsulated. To deal with LISP > > encapsulation, LISP aware firewalls that inspect inner LISP > > packets are proposed [lispfirewall]. > > > > I wonder if we're far enough along with RFC 7258/BCP 188 that we expect > > middleboxes may not understand traffic, whether it's encapsulated or not, > > because of encryption. Perhaps that's worth a thought, if not a mention. > > > > May be modifying the first sentence as follows: > > Middle boxes/filters: because of encapsulation or encryption, the middle > boxes may > not understand the traffic, which can cause them to drop > legitimate packets ([RFC7258]). > > Would that work? One of the nice security ADs may have a better read on this, but I'm thinking the point of citing RFC 7258 is that middleboxes being clueless will be increasingly common. Perhaps Middle boxes/filters: because of increasingly common encryption as a response to pervasive monitoring ([RFC7258]), middle boxes are increasingly likely to be unable to understand encapsulated traffic, which can cause them to drop legitimate packets. Does that make sense? Thanks, Spencer > thanks > > ciao > > Luigi > >
- [lisp] Spencer Dawkins' No Objection on draft-iet… Spencer Dawkins
- Re: [lisp] Spencer Dawkins' No Objection on draft… Luigi Iannone
- Re: [lisp] Spencer Dawkins' No Objection on draft… Spencer Dawkins at IETF
- Re: [lisp] Spencer Dawkins' No Objection on draft… Luigi Iannone