Re: [RAM] Re: draft-bagnulo-lisp-threat-01

Dino Farinacci <dino@cisco.com> Fri, 13 July 2007 23:21 UTC

To: marcelo bagnulo braun <marcelo@it.uc3m.es>
Cc: Robin Whittle <rw@firstpr.com.au>, ram@iab.org

> From a security analysis perspective, I guess an important question
> would be whether, in LISP 3, TRs also learn through tunneled data packets
> and Map-Reply packets as described in draft-farinacci-lisp-01.
> If yes, then we need to see if the threats identified in the threat
> analysis draft also apply (which is likely to be the case if no
> additional measures are taken to prevent them).

Yes, I agree. We are assuming at this point that CONS and NERD are
control-plane based and do not have data-triggered Map-Replies. Using
APT, it depends, because the design indicates that you send packets
along the mapping service topology. That is a bit different: there
aren't data-plane-triggered mappings, but the data is sent over a
control plane. Much different from the LISP 1 and 1.5 approach.

Dino

_______________________________________________
RAM mailing list
RAM@iab.org
https://www1.ietf.org/mailman/listinfo/ram