Re: [lisp] Restarting last call on LISP threats

Dino Farinacci <farinacci@gmail.com> Wed, 28 May 2014 18:31 UTC

From: Dino Farinacci <farinacci@gmail.com>
To: Ross Callon <rcallon@juniper.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/lisp/zBDJ17TVGEiCWkqxwqzL85q-jV8
Cc: LISP mailing list list <lisp@ietf.org>

> Thanks for agreeing to update the document. I would be happy to contribute to discussions related to the update. Please include me on the appropriate point to point exchanges. 

Thanks a lot, Ross. And I'd be willing to help with the document that identifies mitigation techniques for each of the threats in the threats document.

Dino

> 
> Thanks, Ross
> 
> -----Original Message-----
> From: lisp [mailto:lisp-bounces@ietf.org] On Behalf Of Damien Saucez
> Sent: Tuesday, May 27, 2014 12:06 PM
> To: LISP mailing list list
> Subject: Re: [lisp] Restarting last call on LISP threats
> 
> Dear all,
> 
> Thank you all for the passion you put into discussing the threats
> document.  We have read all the arguments and arrived at the
> conclusion that the threat document needs to be reshaped so as to clear
> all misunderstandings.  We will provide a new version for early July
> that does not exclude any scenarios.  Actually most of the problems
> pinpointed are already covered somehow in the document but
> precisions/rephrasing have to be done to make things clear.
> 
> For the sake of efficiency, while writing the new proposal in the
> coming weeks, we will make point-to-point exchanges with the different
> people that contributed to the discussion so as to be sure that we
> address all their comments.
> 
> Thanks,
> 
> Damien Saucez
> 
> On 27 May 2014, at 17:12, Joel M. Halpern <jmh@joelhalpern.com> wrote:
> 
>> Can we please not get into a debate about how well BCP38 is or is not deployed, whether violations are remotely detectable, ... This is NOT the working group for that.
>> 
>> For our purposes, given that source address forging is known to occur, we have to allow it in the threat analysis.
>> 
>> Yours,
>> Joel
>> 
>> On 5/27/14, 11:04 AM, Dino Farinacci wrote:
>>> 
>>>> Also, recall that large BCP38 holes exist in today's internet.
>>> 
>>> And I am going to repeat again, this is not a binary statement. That is, if a BCP38 hole exists in one part of the network, source spoofing can still be detected in other parts of the network.
>>> 
>>> Dino
>>> 
>>> 
> 
> _______________________________________________
> lisp mailing list
> lisp@ietf.org
> https://www.ietf.org/mailman/listinfo/lisp
> 