Re: [lisp] I-D Action: draft-ietf-lisp-pubsub-13.txt

Dino Farinacci <farinacci@gmail.com> Mon, 20 February 2023 19:32 UTC

From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <BYAPR11MB35913D6D38596F18D0CD62ABB6A49@BYAPR11MB3591.namprd11.prod.outlook.com>
Date: Mon, 20 Feb 2023 11:32:13 -0800
Cc: "lisp@ietf.org list" <lisp@ietf.org>, "i-d-announce@ietf.org" <i-d-announce@ietf.org>
Message-Id: <63B796C4-0FF0-4A82-AAC5-C3579B82F9CD@gmail.com>
References: <167650123062.58724.17986653907732322063@ietfa.amsl.com> <7B06BF29-E69A-4B81-8DE2-EA4FE895BD75@gmail.com> <BYAPR11MB35913D6D38596F18D0CD62ABB6A49@BYAPR11MB3591.namprd11.prod.outlook.com>
To: "Alberto Rodriguez-Natal (natal)" <natal@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/sU0v-7WrWpVsWeNSxEUMNYx6_IA>
Subject: Re: [lisp] I-D Action: draft-ietf-lisp-pubsub-13.txt

But the references you provide suggest that configuration information is required so the verification can be performed.
The text in the PubSub document is just too general. I would add that verification is done through configuration.

Dino

> On Feb 20, 2023, at 10:37 AM, Alberto Rodriguez-Natal (natal) <natal@cisco.com> wrote:
> 
> Dino,
> 
> It is not the intention of the specification to recommend or to prescribe how deployments will enforce the recommendations in 1.1. Rather than focus on implementation examples, the reader should focus on the recommendations themselves. Please also consider that while the implementation of the recommendations in Section 1.1 of PubSub is left out of scope, these recommendations are in the same “order of magnitude” of similar out-of-scope recommendations/assumptions made on the main LISP specs, some examples:
> 
> “The Mapping System is aware of which EIDs an ETR can advertise. How those keys and mappings are established is out of scope for this document.” – RFC 9301, Section 9
> 
> “[…] a Map-Server MUST verify that all EID-Prefixes registered by an ETR match the configuration stored on the Map-Server.” – RFC 9301, Section 9
> 
> “Similarly, Map-Register security, including the right for a LISP entity to register an EID-Prefix or to claim presence at an RLOC, is out of the scope of LISP-SEC.” – RFC 9303, Section 7.1
> 
> “The Mapping System is secure and trusted, and for the purpose of these security considerations, the Mapping System is considered as one trusted element.” – RFC 9301, Section 9
> 
> With that perspective, we believe the recommendations made for PubSub do not depart too much from the tone set by the general LISP recommendations/assumptions.
> 
> Thanks,
> Alberto
>  From: lisp <lisp-bounces@ietf.org> on behalf of Dino Farinacci <farinacci@gmail.com>
> Date: Thursday, February 16, 2023 at 12:31 AM
> To: lisp@ietf.org list <lisp@ietf.org>
> Cc: i-d-announce@ietf.org <i-d-announce@ietf.org>
> Subject: Re: [lisp] I-D Action: draft-ietf-lisp-pubsub-13.txt
> Comment:
> 
> [attachment: PastedGraphic-2.png]
> 
> And how does a Map-Resolver verify a Map-Request? There is no security association with it unless it uses draft-ietf-lisp-ecdsa-auth.
> 
> And what does "an xTR is allowed to use" mean? Based on what, a white-list in the Map-Resolver, which is intractable?
> 
> And for point (2), how does the Map-Server know which are legit Map-Resolvers?
> 
> This text is hand-waving with no support text to say how it does it.
> 
> Dino
> 
> 
> On Feb 15, 2023, at 2:47 PM, internet-drafts@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Locator/ID Separation Protocol WG of the IETF.
> 
>         Title           : Publish/Subscribe Functionality for the Locator/ID Separation Protocol (LISP)
>         Authors         : Alberto Rodriguez-Natal
>                           Vina Ermagan
>                           Albert Cabellos
>                           Sharon Barkai
>                           Mohamed Boucadair
>         Filename        : draft-ietf-lisp-pubsub-13.txt
>         Pages           : 21
>         Date            : 2023-02-15
> 
> Abstract:
>   This document specifies an extension to the request/reply based
>   Locator/ID Separation Protocol (LISP) control plane to enable
>   Publish/Subscribe (PubSub) operation.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-lisp-pubsub/
> 
> There is also an htmlized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-lisp-pubsub-13
> 
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-lisp-pubsub-13
> 
> 
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
> 
> 
> _______________________________________________
> lisp mailing list
> lisp@ietf.org
> https://www.ietf.org/mailman/listinfo/lisp
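The two configuration-driven checks the thread argues about, as an added illustration that is not code from the PubSub draft, from RFC 9301 or from any LISP implementation: a Map-Server checks every EID-prefix in a Map-Register against what the sending ETR is configured to register (the RFC 9301, Section 9 requirement Alberto quotes), and the subscription side decides, again from configuration, whether an xTR may subscribe to a given EID-prefix. The record and message shapes, the site names, the xTR identities and the prefixes are all constructed for the example. The ETR/xTR identities handed to the checks are assumed to have been authenticated beforehand; the lookup is only as good as the authentication of the identity it is keyed on, which is the security association Dino asks about.

```python
"""
Toy model of configuration-driven authorization in a LISP Mapping System.

Added illustration only: not code from any LISP implementation, RFC 9301 or
the PubSub draft. Message shapes are simplified assumptions, and the ETR/xTR
identities passed in are ASSUMED to be already authenticated (for example by
Map-Register authentication data keyed to configured material); a lookup keyed
on an unauthenticated identity decides nothing.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Union

Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class MappingSystemConfig:
    # Authenticated ETR identity -> EID-prefixes it is configured to register.
    etr_allowed_prefixes: dict[str, tuple[Net, ...]]
    # Configured EID-prefix -> authenticated xTR identities allowed to subscribe.
    subscribers_allowed: dict[Net, frozenset[str]]


def demo_config() -> MappingSystemConfig:
    """Constructed sample configuration: hypothetical sites and identities."""
    n = ipaddress.ip_network
    return MappingSystemConfig(
        etr_allowed_prefixes={
            "etr-site1": (n("10.1.0.0/16"), n("2001:db8:1::/48")),
            "etr-site2": (n("10.2.0.0/16"),),
        },
        subscribers_allowed={
            n("10.1.0.0/16"): frozenset({"xtr-a", "xtr-b"}),
            n("10.2.0.0/16"): frozenset({"xtr-b"}),
            n("2001:db8:1::/48"): frozenset({"xtr-a"}),
        },
    )


def _parse_prefix(text: str) -> Net | None:
    """Strict parse: a 'prefix' with host bits set is malformed and rejected."""
    try:
        return ipaddress.ip_network(text, strict=True)
    except ValueError:
        return None


def _covered_by(net: Net, container: Net) -> bool:
    # subnet_of() raises TypeError across address families; treat that as "no".
    return net.version == container.version and net.subnet_of(container)


def authorize_map_register(cfg: MappingSystemConfig, etr_id: str,
                           registered_prefixes: list[str]) -> tuple[bool, str]:
    """RFC 9301 Section 9: every registered EID-prefix must match configuration.

    Design choice here, not mandated by the quoted text: one unauthorized or
    malformed prefix rejects the whole Map-Register instead of silently
    accepting the good ones, so no partially-accepted state is created.
    """
    allowed = cfg.etr_allowed_prefixes.get(etr_id)
    if not allowed:
        return False, f"no configuration for ETR {etr_id!r}; registration dropped"
    if not registered_prefixes:
        return False, "Map-Register carries no EID-prefixes"
    for text in registered_prefixes:
        net = _parse_prefix(text)
        if net is None:
            return False, f"malformed EID-prefix {text!r}"
        if not any(_covered_by(net, a) for a in allowed):
            return False, f"ETR {etr_id!r} is not configured for {net}"
    return True, f"ETR {etr_id!r}: all {len(registered_prefixes)} EID-prefix(es) match configuration"


def authorize_subscription(cfg: MappingSystemConfig, xtr_id: str,
                           requested_prefix: str) -> tuple[bool, str]:
    """Decide whether xtr_id may subscribe to requested_prefix.

    The decision is taken on the most specific configured prefix covering the
    request. A request wider than anything configured is refused: granting it
    would deliver notifications for prefixes the xTR has no entitlement to.
    """
    req = _parse_prefix(requested_prefix)
    if req is None:
        return False, f"malformed EID-prefix {requested_prefix!r}"
    covering = [(p, subs) for p, subs in cfg.subscribers_allowed.items()
                if _covered_by(req, p)]
    if not covering:
        return False, f"no configured EID-prefix covers {req}; subscription refused"
    best, subs = max(covering, key=lambda item: item[0].prefixlen)
    if xtr_id not in subs:
        return False, f"xTR {xtr_id!r} not configured as subscriber of {best}"
    return True, f"xTR {xtr_id!r} subscribed under configured prefix {best}"


if __name__ == "__main__":
    cfg = demo_config()
    for args in [("etr-site1", ["10.1.0.0/16", "10.1.5.0/24"]),
                 ("etr-site1", ["10.1.0.0/16", "10.2.0.0/16"]),
                 ("etr-unknown", ["10.1.0.0/16"]),
                 ("etr-site1", ["10.1.0.1/16"])]:
        print("Map-Register", args, "->", authorize_map_register(cfg, *args))
    for args in [("xtr-a", "10.1.5.0/24"), ("xtr-z", "10.1.0.0/16"),
                 ("xtr-a", "10.0.0.0/8"), ("xtr-a", "2001:db8:1::/48")]:
        print("Subscribe", args, "->", authorize_subscription(cfg, *args))
```

Two choices in the model are worth calling out. Rejecting the entire Map-Register on one bad prefix is stricter than the quoted RFC 9301 text requires, but it avoids a registration that is half accepted. Refusing a subscription to a prefix wider than any configured one closes the obvious way to receive notifications for prefixes the xTR was never entitled to. The per-prefix subscriber sets are exactly the white-list Dino calls intractable; the example shows the mechanism, not a claim about how it scales.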