Re: [lisp] Eric Rescorla's Discuss on draft-ietf-lisp-rfc6833bis-16: (with DISCUSS and COMMENT)
Dino Farinacci <farinacci@gmail.com> Sat, 29 September 2018 16:30 UTC
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 721C2130E37; Sat, 29 Sep 2018 09:30:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HiL4r14jX6Hq; Sat, 29 Sep 2018 09:30:34 -0700 (PDT)
Received: from mail-pf1-x42e.google.com (mail-pf1-x42e.google.com [IPv6:2607:f8b0:4864:20::42e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9276E128C65; Sat, 29 Sep 2018 09:30:34 -0700 (PDT)
Received: by mail-pf1-x42e.google.com with SMTP id l9-v6so6309384pff.9; Sat, 29 Sep 2018 09:30:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=/HU3qrTDbgjIUUpTw8K0izCJ5NPjj3FzXag2gtaGWpU=; b=Kx+aOToBAYXcBKlPCEvIvuXSdzf2cMUOtvLrGIzVpDjvsa72Xz0eYuwn/F4Mhghskz q8JmHdKboNWZv/TiSbqkMRFylFZgsQAch+8/Wj2DiowZRbICaJVTRWdSvQT04+zjVNKY YF/ek5816LSUlmhocZFnDq43LLuFdiEqCeyyXQXaCoj+7OxoMLw+rcwtDZtYnyo46fA9 Zlcq05e2OW6g7mDocGurG+ayjG/e+T/XBTJIxX3bFc367as4FR3IuICBXJs6kXzOc5md hd+dYsWEbJDFGhXLj3UOyI9NIIUaZ3HdGVcyIJgXI9+KuIvJTdgCEAg9dfSdgWqEvr+8 aVxw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=/HU3qrTDbgjIUUpTw8K0izCJ5NPjj3FzXag2gtaGWpU=; b=F38XtNbrAFQKOI800dn1gNV2/5Z77pfsHwzdtreMDms7/m5B9j7KGNZDIntV3hP5XO v0KddAT30j0XDscwU5N++Pj8TRiT8zAlLIuZ5q+7XDgrbi6FJBdNUHGxPS5RXl5ndgK9 WlUe9jCMc2akJJ4eDw0OP0b6ULHSpOjJdmpiDRI5jKi4YsdO3eUdGMaG/5Jhrg7GQIZN G66ohQtOzmS1EwgksL089FawnmKq6lvhbJFJvAdOuVuk0kMugEizOLsMO2X/L+t+ZFgv JF0NT5wKSAFWAmuZpYhkp4s01xUug3Tr3Q5mBd1xPH3aYlH4ILBwOgSytH3PSYPZiOhn zyqw==
X-Gm-Message-State: ABuFfoiXO0hKRJukB44QS4lEi9GlEYftf/Z8OjHy0tU76aeLBcAl8yRO lIOcm0VXZJxfRL8sncy4NKQ=
X-Google-Smtp-Source: ACcGV62ADfxO57O8G5buqWRF8efji4wQb3ehL/87cEBQvSf33t2UzEJrVyWqWfNaEzWJtKPZhtVksg==
X-Received: by 2002:a62:9fc4:: with SMTP id v65-v6mr3738283pfk.130.1538238633906; Sat, 29 Sep 2018 09:30:33 -0700 (PDT)
Received: from [10.31.79.57] ([96.72.181.209]) by smtp.gmail.com with ESMTPSA id c79-v6sm7164728pfc.92.2018.09.29.09.30.32 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 29 Sep 2018 09:30:33 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <153805056019.26512.877252229948689152.idtracker@ietfa.amsl.com>
Date: Sat, 29 Sep 2018 09:30:32 -0700
Cc: The IESG <iesg@ietf.org>, draft-ietf-lisp-rfc6833bis@ietf.org, Luigi Iannone <ggx@gigix.net>, lisp-chairs@ietf.org, lisp@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <F1E6357D-0A02-4A2E-B98E-7B34D7AB5EA0@gmail.com>
References: <153805056019.26512.877252229948689152.idtracker@ietfa.amsl.com>
To: Eric Rescorla <ekr@rtfm.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/wqrQyRf7R7vSyqHbWt7Z4r7bgwY>
Subject: Re: [lisp] Eric Rescorla's Discuss on draft-ietf-lisp-rfc6833bis-16: (with DISCUSS and COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Sep 2018 16:30:38 -0000
Thanks Eric for your great comments. Like I said in previous emails, I’ll address the simple things here and then handle all the security related stuff separately next week. I will do the same with Benjamin’s comments as well. And in his reply, send a diff with changes that reflect both Eric and Benjamin’s comments. > On Sep 27, 2018, at 5:16 AM, Eric Rescorla <ekr@rtfm.com> wrote: > > Rich version of this review at: > https://mozphab-ietf.devsvcdev.mozaws.net/D4115 > > > IMPORTANT > S 5.2. >> s: This is the SMR-invoked bit. This bit is set to 1 when an xTR is >> sending a Map-Request in response to a received SMR-based Map- >> Request. >> >> m: This is the LISP mobile-node m-bit. This bit is set by xTRs that >> operate as a mobile node as defined in [I-D.ietf-lisp-mn]. > > This would appear to create a normative reference to this document. To > avoid that, you need to specify how I behave if I receive it but I > don't implement lisp-mn. I am find making it a normative reference but need the lisp-chairs to comment. I am not sure what the implications of that are. > > S 5.2. >> m: This is the LISP mobile-node m-bit. This bit is set by xTRs that >> operate as a mobile node as defined in [I-D.ietf-lisp-mn]. >> >> I: This is the xTR-ID bit. When this bit is set, what is appended to >> the Map-Request is a 128-bit xTR router-ID. See LISP PubSub usage >> procedures in [I-D.ietf-lisp-pubsub] for details. > > here too you seem to be creating a normative reference. LISP-chairs? > S 5.5. >> is being mapped from a multicast destination EID. >> >> 5.5. EID-to-RLOC UDP Map-Reply Message >> >> A Map-Reply returns an EID-Prefix with a prefix length that is less >> than or equal to the EID being requested. The EID being requested is > > How do I behave if I receive an EID-Prefix that is less than any of my > mappings. So, I might have mappings for 10.1.0.0/16 and 10.2.0.0/16 > and someone asks me for 10.0.0.0/8? Also, when you talk about prefix > length, I assume you mean the length fo the mask? Yes, this is explained later in this section. Was that not helpful?? > S 5.6. >> Authentication Data: This is the message digest used from the output >> of the MAC algorithm. The entire Map-Register payload is >> authenticated with this field preset to 0. After the MAC is >> computed, it is placed in this field. Implementations of this >> specification MUST include support for HMAC-SHA-1-96 [RFC2404], >> and support for HMAC-SHA-256-128 [RFC4868] is RECOMMENDED. > > What prevents replay attacks here? I'm guessing it's the Map-Version- > Number, but as I understand it, I can set this to 0. Well there are many. The nonce can change for each Map-Register sent. Same for Map-Version number as well as the key-id. > S 6.1. >> receives an SMR-based Map-Request and the source is not in the >> Locator-Set for the stored Map-Cache entry, then the responding Map- >> Request MUST be sent with an EID destination to the mapping database >> system. Since the mapping database system is a more secure way to >> reach an authoritative ETR, it will deliver the Map-Request to the >> authoritative source of the mapping data. > > If I'm understanding this correctly, this allows an ETR to prevent an > ITR from learning that it is no longer the appropriate ETR for a > prefix. The way this attack works is that before the topology shift, I > send SMRs, thus causing Map-Requests, which, because my entry is > cached, refresh the cache on the ITR past the topology shift. I can > keep doing this indefinitely. Am I missing something Well if the ETR is being spoofed, then there is Map-Request load, but it won’t corrupt the ITR’s map-cache. The ITR always sends a verifying Map-Request to the mapping system to get the latest and authenticated RLOC-set for the mapping. Rate-limiting is necessary so each SMR received DOES NOT result in a Map-Requerst to the mapping system. > S 8.2. >> authentication data, so prior to sending a Map-Register message, the >> ETR and Map-Server SHOULD be configured with a shared secret or other >> relevant authentication information. A Map-Server's configuration >> SHOULD also include a list of the EID-Prefixes for which each ETR is >> authoritative. Upon receipt of a Map-Register from an ETR, a Map- >> Server accepts only EID-Prefixes that are configured for that ETR. > > How does it know? It is provisioned by the mapping service provider (MSP). When the LISP site is allocated an EID-prefix, it configures all the xTRs that connect that site. And then the LISP site (the admins at the site), shop for an MSP and tell them what EID-prefixes, they will be registering. That is when the shared-key between the LISP site and MSP is exchanged via a manul out-of-band business process. > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > S 5. >> \ | UDP Length | UDP Checksum | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | | >> | LISP Message | >> | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > > What do these two diagrams correspond to? v4 and v6? This needs > explanation. It is th entire IP packet sent as a LISP control-message. The header before the diagrams indicate they are UDP packets. > S 5.2. >> Type: 1 (Map-Request) >> >> A: This is an authoritative bit, which is set to 0 for UDP-based Map- >> Requests sent by an ITR. It is set to 1 when an ITR wants the >> destination site to return the Map-Reply rather than the mapping >> database system. > > I don't understand this sentence, as literally it would say that you > should not return "the mapping database system" but that doesn't make > any sense. This was already fixed in a later revision. Now says: A: This is an authoritative bit, which is set to 0 for UDP-based Map- Requests sent by an ITR. It is set to 1 when an ITR wants the destination site to return the Map-Reply rather than the mapping database system returning a Map-Reply. > > S 5.2. >> P: This is the probe-bit, which indicates that a Map-Request SHOULD >> be treated as a Locator reachability probe. The receiver SHOULD >> respond with a Map-Reply with the probe-bit set, indicating that >> the Map-Reply is a Locator reachability probe reply, with the >> nonce copied from the Map-Request. See RLOC-Probing Section 7.1 >> for more details. > > How am I supposed to handle this if I am a Map Server. It should be ignored. I will add text to reflect this point. Good point. > > S 5.2. >> receipt. >> >> L: This is the local-xtr bit. It is used by an xTR in a LISP site to >> tell other xTRs in the same site that it is part of the RLOC-set >> for the LISP site. The L-bit is set to 1 when the RLOC is the >> sender's IP address. > > Is the xTR supposed to filter this on exiting the site. Nope. > > S 5.2. >> >> Nonce: This is an 8-octet random value created by the sender of the >> Map-Request. This nonce will be returned in the Map-Reply. The >> security of the LISP mapping protocol critically depends on the >> strength of the nonce in the Map-Request message. The nonce >> SHOULD be generated by a properly seeded pseudo-random (or strong > > This seems like it needs to be a MUST. Yes, I agree. I cannot remember why we made it a SHOULD. > > S 5.3. >> originating Map-Request source. If the RLOC is not in the Locator- >> Set, then the ETR MUST send the "verifying Map-Request" to the >> "piggybacked" EID. Doing this forces the "verifying Map-Request" to >> go through the mapping database system to reach the authoritative >> source of information about that EID, guarding against RLOC-spoofing >> in the "piggybacked" mapping data. > > This text here doesn't seem compatible with either of the two cases > listed in "EID-prefix" above. I don’t understand the comment Eric. Maybe because I can’t find the exact reference to EID-prefix where you think there is a conflict. Please cite for me. Thanks. > > S 5.4. >> >> Nonce: This is a 24-bit value set in a Data-Probe >> [I-D.ietf-lisp-rfc6830bis] or a 64-bit value from the Map-Request >> is echoed in this 'Nonce' field of the Map-Reply. When a 24-bit >> value is supplied, it resides in the low-order 64 bits of the >> 'Nonce' field. > > Nit: a 64-bit quantity doesn't really have low-order bits if it's not > numeric. Do you mean "rightmost"? Also, what are the other bits. Really good point. I’ll fix. > > > S 5.4. >> 'Nonce' field. >> >> Record TTL: This is the time in minutes the recipient of the Map- >> Reply will store the mapping. If the TTL is 0, the entry MUST be >> removed from the cache immediately. If the value is 0xffffffff, >> the recipient can decide locally how long to store the mapping. > > Am I supposed to merge this with previous mappings? REmove them? No replace it. There is text that says this that is not in the packet format description section. > S 8.3. >> of the mapping database protocols. >> >> 8.3. Map-Server Processing >> >> Once a Map-Server has EID-Prefixes registered by its client ETRs, it >> can accept and process Map-Requests for them. > > This section is confusing because the introduction says that this > function is only performed by Map-Resolvers: > ' > "The LISP Mapping Service defines two new types of LISP-speaking > devices: the Map-Resolver, which accepts Map-Requests from an > Ingress > Tunnel Router (ITR) and "resolves" the EID-to-RLOC mapping using a > mapping database; and the Map-Server, which learns authoritative > EID- > to-RLOC mappings from an Egress Tunnel Router (ETR) and publishes > them in a database.” The document does cover the operation of a Map-Resolver and a Map-Server. Some functions are performed only by Map-Resolvers only and other different functions are performed by Map-Servers only. I am not sure what you don’t understand. Thanks, Dino
- [lisp] Eric Rescorla's Discuss on draft-ietf-lisp… Eric Rescorla
- Re: [lisp] Eric Rescorla's Discuss on draft-ietf-… Dino Farinacci
- Re: [lisp] Eric Rescorla's Discuss on draft-ietf-… Eric Rescorla
- Re: [lisp] Eric Rescorla's Discuss on draft-ietf-… Joel M. Halpern
- Re: [lisp] Eric Rescorla's Discuss on draft-ietf-… Eric Rescorla
- Re: [lisp] Eric Rescorla's Discuss on draft-ietf-… Joel M. Halpern
- Re: [lisp] Eric Rescorla's Discuss on draft-ietf-… Eric Rescorla
- Re: [lisp] Eric Rescorla's Discuss on draft-ietf-… Joel M. Halpern
- Re: [lisp] Eric Rescorla's Discuss on draft-ietf-… Eric Rescorla
- Re: [lisp] Eric Rescorla's Discuss on draft-ietf-… Dino Farinacci
- Re: [lisp] Eric Rescorla's Discuss on draft-ietf-… Eric Rescorla
- Re: [lisp] Eric Rescorla's Discuss on draft-ietf-… Dino Farinacci
- Re: [lisp] Eric Rescorla's Discuss on draft-ietf-… Eric Rescorla
- Re: [lisp] Eric Rescorla's Discuss on draft-ietf-… Dino Farinacci
- Re: [lisp] Eric Rescorla's Discuss on draft-ietf-… Benjamin Kaduk