Re: [lisp] Restarting last call on LISP threats

Luigi Iannone <ggx@gigix.net> Tue, 17 June 2014 08:43 UTC

Return-Path: <ggx@gigix.net>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A6AF1A0322 for <lisp@ietfa.amsl.com>; Tue, 17 Jun 2014 01:43:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dn4cIb61oZVF for <lisp@ietfa.amsl.com>; Tue, 17 Jun 2014 01:43:12 -0700 (PDT)
Received: from mail-wi0-f179.google.com (mail-wi0-f179.google.com [209.85.212.179]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D3DB1A0313 for <lisp@ietf.org>; Tue, 17 Jun 2014 01:43:12 -0700 (PDT)
Received: by mail-wi0-f179.google.com with SMTP id cc10so5364528wib.0 for <lisp@ietf.org>; Tue, 17 Jun 2014 01:43:10 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=HIiPlUVxIAwsEZVIJIigOo4T9BEVawMKNMTkqsTuIg4=; b=AupP0+JVlKXsX77cshBcsIVWjizHz5olVdKJvXb2uMNa+n29KTtAiwXSiwW1Xa5s/a Sldgh6JO0fmLM5aV0LZwWQN73scg/F1fACwgpGKrsicjd/nXSq6QGARacUvVohOEdWcp YMx3vyv6yKiLCb1eKnR2suZXz01H2olw15D1wmBETwQ4kiy1sjfRrjYNCUHXI/tL4D1q GprbBQDT4gh0PAgiSIGg2OFTaJ0TKamGPekeyrLJNU0UVTHj18FFB0JXY1E51wpDXuDT UQuN/E3N6RoR2AlG4Ymh0pKXWGpvYq1wsMF6Z51lR1VP1hG9gi3fLj1/3jZYXwYTyLEC tD8Q==
X-Gm-Message-State: ALoCoQlKAxCtlTFuGd1ym9KLaVr7GXmJFxxkb315eRf7QD2nGZIcS2q6j/z0um5aNPvRtk8FfKQB
X-Received: by 10.180.81.72 with SMTP id y8mr15771370wix.7.1402994590802; Tue, 17 Jun 2014 01:43:10 -0700 (PDT)
Received: from ?IPv6:2001:660:330f:a4:5dd0:712c:105e:e755? ([2001:660:330f:a4:5dd0:712c:105e:e755]) by mx.google.com with ESMTPSA id h3sm22277465wjz.48.2014.06.17.01.43.09 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 17 Jun 2014 01:43:09 -0700 (PDT)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
From: Luigi Iannone <ggx@gigix.net>
In-Reply-To: <539F3C5D.8020907@innovationslab.net>
Date: Tue, 17 Jun 2014 10:43:09 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <1863B228-D011-4CCD-99A5-2C3B491F96B2@gigix.net>
References: <d690563db20d4fca945b810a14f37090@CO1PR05MB442.namprd05.prod.outlook.com> <B3A9D234-A6A2-45DC-B8FA-623B3A86DCE8@gmail.com> <a7c188aabbfe41ef80645d2ee1d6df99@CO1PR05MB442.namprd05.prod.outlook.com> <E0485205-9FCD-46FC-B852-06259334A47C@gmail.com> <40ecc5d773874ecdbdc05763004acfa7@CO1PR05MB442.namprd05.prod.outlook.com> <A2225E25-FE9E-4F97-B86F-9C078BB6A312@gmail.com> <db040d02b9a3402c9e53e1ae6374b2bb@CO2PR05MB636.namprd05.prod.outlook.com> <BEA94770-F16C-449E-BA44-3FC8E5DE1292@gmail.com> <5399D22A.2040207@joelhalpern.com> <5CAAEAE6-AF3E-4E27-8D73-FA8A64520379@gmail.com> <DB53B8D4-8E0E-4DEF-BE7A-579FD679EB66@gigix.net> <8f3ee88f9b9649359d5222d324568e07@CO1PR05MB442.namprd05.prod.outlook.com> <539F1582.3010406@joelhalpern.com> <539F3856.4060401@innovationslab.net> <539F3AEB.4030201@joelhalpern.com> <539F3C5D.8020907@innovationslab.net>
To: Brian Haberman <brian@innovationslab.net>
X-Mailer: Apple Mail (2.1878.2)
Archived-At: http://mailarchive.ietf.org/arch/msg/lisp/qkGKJmlT478lGSZ1qTrTGwbFEuI
Cc: lisp@ietf.org
Subject: Re: [lisp] Restarting last call on LISP threats
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jun 2014 08:43:14 -0000

Hi,

On 16 Jun 2014, at 20:50, Brian Haberman <brian@innovationslab.net> wrote:

> Hi Joel,
> 
> On 6/16/14 2:43 PM, Joel M. Halpern wrote:
>> My understanding is that security oriented threat analyses documents do
>> not generally, and the charter item for this document does not
>> specifically, call out mitigations.  Mitigation is, as your comment
>> suggests, a complex tradeoff as different mitigations have different
>> costs and different efficacy.  So the tradeoff in using mitigation
>> would, it seems to me, need to be in the document that proposes the
>> mechanisms.
> 
> The charter work item says:
> 
>    - LISP security threats and solutions

Previous versions of the threats document gave some “recommendations” (like fo instance the use of lisp-sec), but discuss on the ML and WG meetings lead to drop that section. So, why going back now?

> 
> My question was whether the WG plans to overhaul lisp-sec to describe
> the mitigations/solutions to the threats described in lisp-threats or
> just put them in one document.
> 

IMHO LISP-sec is a specific solution for a specific set of threats, hence, while it has to clearly state which attacks it solves I do not think that has to discuss all possible mitigations for the all possible threats. 

I was also thinking that similarly to the fact that threats are described by class, mitigation techniques (if we ever want to re-introduce them) should also be “cited” by class. 
I use the word “cited” because I do not think we need to document the details but just refer to existing techniques that can be used.
(note that this was more or less what we had in early versions of the document)

ciao

Luigi


> Regards,
> Brian
> 
> _______________________________________________
> lisp mailing list
> lisp@ietf.org
> https://www.ietf.org/mailman/listinfo/lisp