Re: [lisp] Nonce in PubSub

Erik Nordmark <nordmark@acm.org> Fri, 17 November 2017 07:17 UTC

To: Alberto Rodriguez-Natal <rodrigueznatal@gmail.com>, "lisp@ietf.org list" <lisp@ietf.org>
References: <CA+YHcKFoOcQvFRBsLhGq7_XHRaKuDiVKTqKR9v9jNroQ25YTpA@mail.gmail.com>
From: Erik Nordmark <nordmark@acm.org>
Message-ID: <826333ea-ed39-96f5-8047-073ac6aad498@acm.org>
Date: Fri, 17 Nov 2017 15:17:08 +0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/v-joiYcWXRXDdBLRNB_9wAt14_0>

On 11/17/2017 10:49 AM, Alberto Rodriguez-Natal wrote:
> Just to clarify what was discussed in the meeting. The nonce used in
> the Map-Request requesting the subscription will be used in the
> Map-Notify that confirms the subscription. This is at the top of page 6 in
> the draft.
> 
> Similarly, a Map-Notify sent as publication will be ack'ed by a
> Map-Notify-Ack using its nonce.

Alberto,

My understanding from Dino's comment at the mic was that in his
implementation the map-notify has the nonce from the original map-request.

The reason I asked about this is that there are some additional security
benefits if the map-notify has a nonce which corresponds to what the xTR
had sent in the map-request. Otherwise you need some other mechanism to
guard against receiving spoofed map-notifies.

    Erik

> 
> https://tools.ietf.org/html/draft-rodrigueznatal-lisp-pubsub-01
> 
> Thanks,
> Alberto
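The nonce binding discussed above, as an added illustration that is not part of the thread or of the draft: an xTR accepts a confirming Map-Notify only if it carries the nonce of a Map-Request it actually sent, and a map-server treats a published Map-Notify as delivered only when the Map-Notify-Ack echoes that publication's nonce. The message classes and field names are constructed for this model, not the draft's wire format; how an xTR authenticates a publication whose nonce it did not choose (Erik's open point) is deliberately not modelled.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class MapRequest:
    eid_prefix: str
    nonce: int  # 64-bit value chosen by the xTR

@dataclass(frozen=True)
class MapNotify:
    eid_prefix: str
    nonce: int  # Map-Request nonce (confirmation) or a fresh one (publication)
    rlocs: tuple

@dataclass(frozen=True)
class MapNotifyAck:
    nonce: int  # echoes the nonce of the Map-Notify being acknowledged

class XTR:
    """Subscriber: accepts a confirming Map-Notify only under a nonce it generated."""
    def __init__(self):
        self.pending = {}   # nonce -> EID-prefix of an unconfirmed subscription
        self.mappings = {}  # EID-prefix -> RLOCs from confirmed subscriptions
        self.dropped = 0    # Map-Notifies rejected for an unknown or reused nonce
    def subscribe(self, eid_prefix):
        nonce = secrets.randbits(64)
        self.pending[nonce] = eid_prefix
        return MapRequest(eid_prefix, nonce)
    def receive_notify(self, msg):
        # A spoofed Map-Notify cannot carry a nonce the xTR never sent; a
        # replayed one fails too, because the nonce is consumed on first use.
        if self.pending.get(msg.nonce) != msg.eid_prefix:
            self.dropped += 1
            return None
        del self.pending[msg.nonce]
        self.mappings[msg.eid_prefix] = msg.rlocs
        return MapNotifyAck(msg.nonce)

class MapServer:
    """Publisher: a publication counts as delivered only once its nonce is acked."""
    def __init__(self):
        self.unacked = {}   # nonce -> Map-Notify awaiting a Map-Notify-Ack
    def confirm(self, req, rlocs):
        return MapNotify(req.eid_prefix, req.nonce, tuple(rlocs))  # reuse request nonce
    def publish(self, eid_prefix, rlocs):
        msg = MapNotify(eid_prefix, secrets.randbits(64), tuple(rlocs))
        self.unacked[msg.nonce] = msg
        return msg
    def receive_ack(self, ack):
        return self.unacked.pop(ack.nonce, None) is not None
```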