IETF Logo Mail Archive

Re: [lisp] Stephen Farrell's Discuss on draft-ietf-lisp-lcaf-17: (with DISCUSS)

Dino Farinacci <farinacci@gmail.com> Mon, 21 November 2016 23:50 UTC

Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0DC8B129502; Mon, 21 Nov 2016 15:50:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z6gDNedylWQX; Mon, 21 Nov 2016 15:50:26 -0800 (PST)
Received: from mail-pg0-x244.google.com (mail-pg0-x244.google.com [IPv6:2607:f8b0:400e:c05::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0C5A1294B0; Mon, 21 Nov 2016 15:50:25 -0800 (PST)
Received: by mail-pg0-x244.google.com with SMTP id x23so137906pgx.3; Mon, 21 Nov 2016 15:50:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=uzuBTSOBtqbs+fiKGDsLmBkTsYEsmGapVw2MV8bn42s=; b=IJQJSmBnEqpv3wrm1w/CH07jmyBC+qIr5DxksQhn9TmLfgNpEeD+EjjAI3HpDdJok+ jvFMZP3YN1enzOZW/rDMJcFkanDBKUSLh1DUpt87sHehJof/DPgA/7p3L+4OvmN5u3Hr ASMTS48KAl7epTQQTnp6ko/e7k53VAWDBZW9xs8DQcqcYtXGXfnDeksS3lVWzXV8s3sF 2GcmdCsQyW+cySr81byUyyW1Mw43dgUR0b81+lclWrlKljpkW5g3pCX1QjXvmXA215sg IMCj8NezfqH0vHNFXVy33Xl2VFKgnCEo76GFLuqApl1A8wO40a13oQUT30T4XKVdQ08d TlWQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=uzuBTSOBtqbs+fiKGDsLmBkTsYEsmGapVw2MV8bn42s=; b=LMKQPHNT+eOpWEf7dIzTViFWaWik+x1uMhxwW5A6YeVppHWQKvLgV6b4SX97DOj07y dAfdEJt59AYm+26XDk1+ubTsbvT5Lk7NuRsi2vMGSDgWCzjCtnv8YNPT9g2jAVCC2I0m BUoUl3JlHtEPnPZlgqfd3sfodzl+Zi29Zt4Jti64q6xaSSFPa/aBHfSGUZCOcQzY1Cib OsCvkTSRqMMjhfGQpBGqBTsrZ1I1KgI8hScJ/2Dn48dXSUyUVKEII7ShsrjSErWX24ua jp1NCQTPkwmDjC6xOrD9+b7SrgJB7KTs01keyKai2NOtsjPKTGvNjqlZ3ZDUmiRpWKTy F6sQ==
X-Gm-Message-State: AKaTC03u0TIVvcoO6czK0fxFykSFP7rTgwZl3BSigXmN0mSPBkEu4wSty5rY9nWo7bP8Ew==
X-Received: by 10.98.67.138 with SMTP id l10mr21949411pfi.101.1479772225275; Mon, 21 Nov 2016 15:50:25 -0800 (PST)
Received: from dino-macbook.attlocal.net (adsl-76-254-33-53.dsl.pltn13.sbcglobal.net. [76.254.33.53]) by smtp.gmail.com with ESMTPSA id b64sm39949806pfc.74.2016.11.21.15.50.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 21 Nov 2016 15:50:24 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.1 \(3251\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <5b931a61-0c74-7045-ab1e-f240d762bde3@cs.tcd.ie>
Date: Mon, 21 Nov 2016 15:50:23 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <A7C91C70-91D4-47B2-B87D-22D26BF472AB@gmail.com>
References: <147636391150.3004.8744692629400023314.idtracker@ietfa.amsl.com> <C8878EFC-988C-4E98-ADF1-1AC0F70A03E2@gmail.com> <ea4dab08-0d07-e421-8956-e6ec3d27c3ad@cs.tcd.ie> <05301FBB-A11C-4709-8659-CE347E03AFB3@gmail.com> <5b931a61-0c74-7045-ab1e-f240d762bde3@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.3251)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/uE9xoV7366RMcAhrqQXQVHvTrWI>
Cc: lisp-chairs@ietf.org, draft-ietf-lisp-lcaf@ietf.org, LISP mailing list list <lisp@ietf.org>, The IESG <iesg@ietf.org>
Subject: Re: [lisp] Stephen Farrell's Discuss on draft-ietf-lisp-lcaf-17: (with DISCUSS)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Nov 2016 23:50:28 -0000

Snipping text a bit to make email more readable by third-parties.

>> 
>> It is a canonical form for all new types of addresses or information
>> we want to add in the future.
> 
> So maybe I'm being thick but I still don't see how one
> reliably orders things when the values are URIs that have
> paths with varying case, e.g. URI1="https://example.com/Foo/"
> and URI2="https://Example.com:443/foo". Can you explain how one
> ensures that all encoders produce the same order for the above
> or that it doesn't matter or that one never hits that case with
> two URIs being put in order?

The ordering is only needed for RLOC addresses. Addresses that are used for encapsulation. When a distinguished-name is used for an RLOC, it is ancillary data.

I think it is a whole lot simpler then they way you are generally thinking about it.

>>> I don't see the recommendation to not use/send/store this unless
>>> needed nor anything other than a generic warning to go read BCP160,
>>> which I'm not at all sure is something that would help LISP
>>> implementers. Do you really think they'll buy into the geopriv
>>> architecture? I don't really.
>>> 
>>> I'd argue that it'd be better to explain the issues here and to
>>> recommend to avoid the pitfalls we know exist.
>> 
>> It is here (page 35-36 in -20):
> 
> I don't see that in -21. I see text saying "there might be
> some privacy issues... maybe." The discuss point asked that
> it state that this information can be privacy sensitive and
> hence ought not be sent or stored unless it's needed. I also
> don't recall an argument that that kind of text would be wrong.

Based on your comment, the details were put in draft-farinacci-lisp-geo-02. I am not sure we should reference this draft in the LCAF draft since it is not a working group document. Others can comment.

>>> Are there no LISP use-cases where the Private ETR RLOC Address or 
>>> RTR RLOC Address could map to a host behind a NAT e.g. in my home?
>> 
>> Yes, kinda. But there is no need for the private-RLOC right now and
>> we are working that out in the NAT-traversal individual submission
>> draft.
>> 
>>> If there are (and there seem to be many LISP use-cases:-) then 
>>> maybe this warning is needed. But if not, yes, it'd not be needed. 
>>> Can you clarify?
>> 
>> We don’t know how ot clarify yet. We can in the future.
> 
> Why can't you fix this now? Why can't you say to not use this
> in any cases that might be privacy sensitive and give the example
> of exposing information about specific hosts behind a NAT as
> an example?

The NAT-traversal document says that, draft-ermagan-lisp-nat-traversal-11.

> I don't see why it's better to ignore problems like that, as
> we do know that when we ignore such things, they do come back
> to bite us in the ass later.

We are not ignoring problems at all. We are spec’ing them in full detail in the use-case documents where there is more supporting details and context to make these raised issues more understandable.

We have this document to defined types that we know we want to use in the future and have some level of detail on what the content to the messages should be but don’t have the detailed use-cases for ALL of them quite yet. In fact, this process has worked very well for us, because we did predict well and new use-cases have simply said “Use RLE as defined in the LCAF draft” or “use ELP as defined in the LCAF draft”. And there is many use-case drafts that point to this LCAF draft.

>>> LISP-DDT.
>> 
>>> seeing that go by in the discussion of lisp-crypto but I may be
>>> forgetting.
>> 
>> So are you good with my response?
> 
> I just had a look back at lisp-crypto and it seems I was remembering
> wrong and that doesn't support symmetric keys. Assuming I've not
> gotten that wrong again, this one is good:-)

lisp-crypto supports symmetric keys. And the reason is because the SAAG suggested we do so for performance in the data-plane. Remember?  ;-)

> 
>>>>> - 4.10.2: The same privacy issues apply here as for 4.3 and
>>>>> 4.4, if the MAC address maps to e.g.  a portable device carried
>>>>> by a person.
>>>> 
>>>> In this case, the MAC address can be a host/person. I put a
>>>> refernece to the Security Considersations section that
>>>> references RFC6280/BCP160.
>>> 
>>> See above WRT BCP160. I'm really not sure it's a great reference
>>> here, in terms of being useful to implementers.
>> 
>> See Security Considerations section.
> 
> I did. That text didn't help. Just referring to BCP160 is
> not good enough here IMO, you need some text to call out
> the actual issue, which is not called out clearly in that
> BCP, which deals with complex location issues in a pretty
> complex manner that is not IMO likely to be useful to
> LISP implementers.

See comment above about draft-farinacci-lisp-geo-02.

>>> 
>>>>> - 4.10.3 and all of section 5: What are these for?  I don't see
>>>>> the sense in defining these if there is no well defined way to
>>>>> use them. Any of these might have undesirable security and/or
>>>>> privacy characteristics.
>>>> 
>>>> We have use-cases for them. And they are being documented in
>>>> both other working group and individual contributed drafts.
>>> 
>>> Yeah but this seems like throwing the kitchen-sink and all at the
>>> mapping system, which seems to me to be a recipe for security and
>>> privacy failures. With the level of detail now available, how could
>>> we know for sure if I'm right or not? Wouldn't it be better to
>>> define these as they are needed and as they are better understood
>>> from the security/privacy POV?
>> 
>> They are needed and we are experimenting with them now. We can apply
>> updates when we learn more. We still do rough concensus and running
>> code.  ;-)
> 
> If more than one person writes code then they won't interop
> based on this low quality text. Running code does not mean

Someone just doesn’t look at this draft and say I want to implement the RLE LCAF. They say I want to offer draft-farinacci-lisp-predictive-rlocs or draft-ietf-lisp-signal-free-multicast in my products, therefore to support either or both use-cases, I implement the RLE LCAF according to what those drafts say. It is very specific because I write code for my own designs (and sometimes it happens backwards to the specs are detailed and accurate).

> it's ok to just sketch out definitions of data structures.
> IMO almost all of section 5 would be better deleted from this
> until good specification text exists.

We have agreement from the working group to go this route.

> I don't see a way to resolve this point. If the WG insist on
> including types for badly defined structures then I'll just

You cannot take read this document in isolation. It is accompanyed with other drafts (sorry I keep repeating myself).

> end up as an abstain on this. Can the chairs or AD confirm
> that the WG really have consensus to include all of the
> stuff in section 5 at this level of (missing) detail?

Yes, we need a mediator if this email doesn’t convince you Stephen.

Thanks,
Dino

v2.23.0 | Report a Bug | By Email