Re: [lisp] Restarting last call on LISP threats
Ross Callon <rcallon@juniper.net> Thu, 15 May 2014 21:48 UTC
From: Ross Callon <rcallon@juniper.net>
To: "Joel M. Halpern" <jmh@joelhalpern.com>, Joel Halpern Direct <jmh.direct@joelhalpern.com>, Ronald Bonica <rbonica@juniper.net>, Roger Jørgensen <rogerj@gmail.com>
Date: Thu, 15 May 2014 21:47:43 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/lisp/t1O_9IYoreMpZA4BMgoabafTgDU
Cc: "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] Restarting last call on LISP threats

No problem. I just didn't want the other issues to be forgotten in the excitement over gleaning.

Ross

-----Original Message-----
From: Joel M. Halpern [mailto:jmh@joelhalpern.com]
Sent: Thursday, May 15, 2014 5:42 PM
To: Ross Callon; Joel Halpern Direct; Ronald Bonica; Roger Jørgensen
Cc: lisp@ietf.org
Subject: Re: [lisp] Restarting last call on LISP threats

I may have misread the discussion. I was commenting only on the one topic of gleaning. I was leaving it to the authors to respond to your other comments.

Yours,
Joel

On 5/15/14, 5:39 PM, Ross Callon wrote:
> I raised a list of problems. They are not all already mentioned in the
> threats document (e.g., note the privacy issue at the end of my detailed email).
>
> Ross
>
> -----Original Message-----
> From: Joel Halpern Direct [mailto:jmh.direct@joelhalpern.com]
> Sent: Thursday, May 15, 2014 2:29 PM
> To: Ronald Bonica; Joel M. Halpern; Roger Jørgensen; Ross Callon
> Cc: lisp@ietf.org
> Subject: Re: [lisp] Restarting last call on LISP threats
>
> The threats document does not specify how to resolve the threats. It
> identifies problems. In this particular case, it already identifies the
> problem that Ross raised. Quite clearly.
>
> There is no dependence on the documents Roger pointed to. They are ways
> of remediating the threat.
>
> Yours,
> Joel
>
> On 5/15/14, 2:15 PM, Ronald Bonica wrote:
>> Joel,
>>
>> The threats document should not depend on lisp-sec or lisp-crypto.
>> However, Roger's response did rely on those documents (see his
>> response, below).
>>
>> So, we are left to explore whether something was omitted from the
>> threats document. Standby for my response to Roger.
>>
>> Ron
>>
>>> -----Original Message-----
>>> From: Joel M. Halpern [mailto:jmh@joelhalpern.com]
>>> Sent: Tuesday, May 13, 2014 5:57 PM
>>> To: Ronald Bonica; Roger Jørgensen; Ross Callon
>>> Cc: lisp@ietf.org
>>> Subject: Re: [lisp] Restarting last call on LISP threats
>>>
>>> Ron, I am having trouble with the question.
>>>
>>> The threats document describes the threats as they exist today,
>>> without the adoption of either document that Roger pointed to.
>>> Thus, I do not see any dependence.
>>>
>>> If there is a threat that is not well described in the base spec or
>>> this document, then we should add it. We should add it even if
>>> there are proposals to remediate it. But if there is a clear
>>> proposal of a missing threat, I missed it.
>>>
>>> Yours,
>>> Joel
>>>
>>> On 5/13/14, 1:31 PM, Ronald Bonica wrote:
>>>> Hi Roger,
>>>>
>>>> Or asked more explicitly, can the level of security claimed by
>>>> the threats document be achieved without implementing the protocol
>>>> extensions described in lisp-sec and lisp-crypto?
>>>>
>>>> Ron
>>>>
>>>>> -----Original Message-----
>>>>> From: Ronald Bonica
>>>>> Sent: Tuesday, May 13, 2014 1:22 PM
>>>>> To: 'Roger Jørgensen'; Ross Callon
>>>>> Cc: lisp@ietf.org
>>>>> Subject: RE: [lisp] Restarting last call on LISP threats
>>>>>
>>>>> Hi Roger,
>>>>>
>>>>> Can this draft stand on its own, without integrating content
>>>>> from the documents that you reference?
>>>>>
>>>>> Ron
>>>>>
>>>>>> There exist two drafts that are relevant to what you address.
>>>>>>
>>>>>> You have
>>>>>> https://datatracker.ietf.org/doc/draft-farinacci-lisp-crypto/
>>>>>> where the payload of a LISP encapsulated packet is encrypted. None
>>>>>> of the keys for encrypting/decrypting are stored in the
>>>>>> mapping system but are calculated by the xTR's involved. Then
>>>>>> you have
>>>>>> https://datatracker.ietf.org/doc/draft-ietf-lisp-sec/ that
>>>>>> attempts to secure the xTR to xTR relationship.
>>>>>>
>>>>>> --
>>>>
>>>> _______________________________________________
>>>> lisp mailing list
>>>> lisp@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/lisp