Re: [secdir] SecDir review of draft-ietf-pim-join-attributes-for-lisp-05

Dino Farinacci <farinacci@gmail.com> Fri, 21 October 2016 18:04 UTC

Return-Path: <farinacci@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7566F1295A4; Fri, 21 Oct 2016 11:04:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wZNTb4rXZeiD; Fri, 21 Oct 2016 11:03:59 -0700 (PDT)
Received: from mail-pf0-x235.google.com (mail-pf0-x235.google.com [IPv6:2607:f8b0:400e:c00::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E126112973D; Fri, 21 Oct 2016 11:03:56 -0700 (PDT)
Received: by mail-pf0-x235.google.com with SMTP id s8so60609590pfj.2; Fri, 21 Oct 2016 11:03:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=FogpXFML3n4UvRm++IewcvtbCmsRJBEedkAaOhtmKF8=; b=RCv82/upga7bijxhu4BSj7ttJoTiRk4K0ImPGv9Iw935wHI27ll7rDKsDnvJa+4Hcb +PKbmYcQqJCTb9yigP3BAk9HjI2aREZyypFvywoFoujpVjK2geRg6I+gWJx8cSN0sVww Ab0C4gkVDnCi2EDTL+Cc2gARRR4NqRzQrIbcGSA+afKc+rm0g7n9ppQWZwt7TLvGl9aJ hwK1lHnBKNIC6+oAS3Sy5Xp2SWaDSn/JXL33+NGIQXfhsn/rIm+ObuILDDIoYIDX304I jo5d7O6+ROyLfXNbXa+TUWQmIYnITFbvkc4dab3hT7yNTcl8tJhuZLQ2ewxxJL3gwhKm 6lLA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=FogpXFML3n4UvRm++IewcvtbCmsRJBEedkAaOhtmKF8=; b=H+wqEY/w4x1jMuqS6H2VV6rN2KB7CU0q16UoQMH7LvkqM9KDvK+HEAXnwSWQP6+SpI 30XVjs5TV3TNRNIk6NJnxtx5bVDGnb+FI95LqLzoHN2CLFZnRRumfeEYsiiFvALV6rXD /S//JGj0fTmbJf6Um7/8VrNsQiHD0OrRRGIGk0bJNNHXNYC+9osrt3/WZykA0eyl24RP bES/YAo81dL+AHBjGIpZA3jm+n4M7CsP1lcrpim35KdSOP2ZBuytgJRIRKBlQ9Mmktwv wzvPqVsRmWhS/zUGwkwDGf16CsIZZtFFJeE84RdC+QxD18nCWT92ZxFUpbvl3enKCT+6 humw==
X-Gm-Message-State: ABUngvcdcFeqWiUmKZC5ZYd3wvvSxgyMAf4yK4LqSoXoLF4tc0xDTUGMPGYq4yNv6U11Vw==
X-Received: by 10.98.193.2 with SMTP id i2mr3786980pfg.155.1477073035322; Fri, 21 Oct 2016 11:03:55 -0700 (PDT)
Received: from [10.197.31.157] (173-11-119-245-SFBA.hfc.comcastbusiness.net. [173.11.119.245]) by smtp.gmail.com with ESMTPSA id p88sm6734791pfi.51.2016.10.21.11.03.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Oct 2016 11:03:54 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <F47535A5-D16A-493A-BAD2-3FDE81E5CBC7@cisco.com>
Date: Fri, 21 Oct 2016 11:03:53 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <06024438-DD50-435C-8B44-397287BDD7EA@gmail.com>
References: <F47535A5-D16A-493A-BAD2-3FDE81E5CBC7@cisco.com>
To: Brian Weis <bew@cisco.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/ZXsWtW3y1DsI3EGd7pIy6J4hSfw>
Cc: "draft-ietf-pim-join-attributes-for-lisp.all@tools.ietf.org" <draft-ietf-pim-join-attributes-for-lisp.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] SecDir review of draft-ietf-pim-join-attributes-for-lisp-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Oct 2016 18:04:02 -0000

> These new attributes are all delivered in PIM messages, which are sent encapsulated in LISP, and if a user has chosen to protect the LISP traffic across the provider network for confidentiality or privacy reasons, and/or chosen to protect the PIM packets with an integrity method, then the new attributes will also be protected. The information in the attributes related only to delivery of the packets, and there are no particular privacy considerations. The current Security Considerations section seems adequate.

Yes, using lisp-crypto. But do you think different keying should be used for data versus control traffic?

Dino