[secdir] secdir review of draft-ietf-lisp-ddt-08

Radia Perlman <radiaperlman@gmail.com> Fri, 14 October 2016 06:07 UTC

From: Radia Perlman <radiaperlman@gmail.com>
Date: Thu, 13 Oct 2016 23:07:47 -0700
Message-ID: <CAFOuuo6CDMNBib+QOg1hVE5kOwYt_d0rZ66L3nuzUUHmbJKa3g@mail.gmail.com>
To: "secdir@ietf.org" <secdir@ietf.org>, The IESG <iesg@ietf.org>, draft-ietf-lisp-ddt.all@tools.ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/-oXNEriEwjXFDKHq_JTLKbsiET0>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

This document describes a hierarchical distributed database that helps a
router find a mapping between what LISP calls an "endpoint identifier" and
a "routing locator".

I have not been following LISP, and am not completely convinced that it
solves a problem that can't be solved in other ways, but hierarchical
distributed databases do seem like the right solution for lots of problems
(like DNS).

I do not recommend trying to dive into LISP starting with this document.
Alia Atlas helpfully pointed me at the document "An Architectural
Introduction to the Locator/ID Separation Protocol". It would have been
nice if this document referenced it, though it's not an RFC; it's an
Internet-Draft.

Anyway, from a security point of view, it seems fine, mostly because it's
pretty much copied all the security mechanisms from DNSSEC. I do wonder why
a whole separate infrastructure would be necessary, and why this
information couldn't simply be in DNS.

Radia