[secdir] SecDir Review of draft-ietf-lisp-alt-09

Catherine Meadows <meadows@itd.nrl.navy.mil> Mon, 28 November 2011 16:53 UTC

From: Catherine Meadows <meadows@itd.nrl.navy.mil>
Date: Mon, 28 Nov 2011 12:04:01 -0500
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-lisp-alt.all@tools.ietf.org
Subject: [secdir] SecDir Review of draft-ietf-lisp-alt-09

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  
These comments were written primarily for the benefit of the security area directors. 
Document editors and WG chairs should treat these comments just like any other last call comments. 

This document describes a distributed index system to be used by the Locator/ID Separation Protocol (LISP) Ingress Tunnel Router (ITR) or Map Resolver (MR) to find the Egress Tunnel Router (ETR) which holds the mapping information for a particular Endpoint Identifier (EID). The ITR or MR can then query the ETR to get the information it needs. This index, or Alternate Logical Topology, is built as an overlay network on the Internet using the Border Gateway Protocol (BGP) and the Generic Routing Encapsulation (GRE).

Since LISP+ALT relies on BGP, the authors correctly point out that it shares many of the security characteristics of BGP. They should be commended, however, for not merely pointing to the BGP document, but also addressing any new vulnerabilities that could arise from using LISP+ALT. These are mainly potential denial-of-service attacks, for which suggested countermeasures are included. Another is the possibility that EID-prefixes would be more vulnerable to leakage since they will be more widely propagated out to the global network. The authors point out that addressing this problem requires more strict prefix filtering and authentication on the global routing system. The authors also discuss, in a final paragraph (10.3), the potential use of emerging BGP security mechanisms that would provide this authentication.

All in all, I think this is a very thorough and well-thought-out discussion of the security considerations. My only suggestion would be to include a forward reference to paragraph 10.3 in the discussion of prefix leakage.

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil