Re: [secdir] secdir review of draft-ietf-lisp-lcaf-15

Dino Farinacci <farinacci@gmail.com> Sat, 01 October 2016 18:30 UTC

Return-Path: <farinacci@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3AD812B02E; Sat, 1 Oct 2016 11:30:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.8
X-Spam-Level:
X-Spam-Status: No, score=-0.8 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CU_nTu2eJO6n; Sat, 1 Oct 2016 11:30:58 -0700 (PDT)
Received: from mail-pf0-x232.google.com (mail-pf0-x232.google.com [IPv6:2607:f8b0:400e:c00::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E83A912B01D; Sat, 1 Oct 2016 11:30:57 -0700 (PDT)
Received: by mail-pf0-x232.google.com with SMTP id q2so50587673pfj.3; Sat, 01 Oct 2016 11:30:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=/3PKlis/vG3JYUkpggPxRnQ5sj7Fq3mR41zg2EVtMxI=; b=p2jdCLWnf0mkacT7lxlnB4vqUg+VxKIpcNJGOyCYQIs3Jj4dEyFOBTIw/QkRT4FksW GpVHiGqIw+lghIkKJPguoPk4qVgeObP4CIJi7J0yBCwcuLtst6YbQgVLRdycGvi58l9l 3vhalPsjmhi1qNwh+Yh4C4wo1eTUZ1eutnlgopDegisGIhuCb1fwlmhm6n/ytfS6wuO3 Kjw/AoPcqgDPA/2diLwyMdDixF2QqHfcuE+VC7dgFVEsCLOjqgG1vdU3Kw/XQ6hLQSBY w/7u4pW0fX7rV/MQoT+LdIPV+EKUO25LQbv/jTjS2UuPpyXXHohGPZWcQKOkgZ6UeEOJ NxdQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=/3PKlis/vG3JYUkpggPxRnQ5sj7Fq3mR41zg2EVtMxI=; b=HEr6SNFXIui9ziZraZDId+XP5ihDU93xZr/RxndhUYiylJFh8kYjhpmUmsyJBowUt4 sbr8lHmfPfe15bxdDN+u/OTJwbao4CAlxAyYiz3HV/Hzjsa0jhe7m8lwFt8h/QP+B2aR ZhuHEgCSqoiE9iUwPDhYdiPeAVFm+fC/MN+hgviZ+Iy6iNjKo9a7agf/tbkg/F32GV0T iy6oSBcMsiKodHfc76j2vw7LtQ0MZfGkB/rzzXgHaQ+F3S9fcbzd24sbcqx7+I8eB3qO t/LhxdvCR5QIKa7qEFCMX3tG3lb7OahH+AF+jdL/80ftGIe0mk96lUqSPz+CYmGvv0il 57hw==
X-Gm-Message-State: AA6/9Rmrrusrzd2kcqjGtqzwvcetIidOs6Rdx3dnVYh04X91oAzwQsFJSipZDC6M9vrWIw==
X-Received: by 10.98.155.7 with SMTP id r7mr22337459pfd.171.1475346657342; Sat, 01 Oct 2016 11:30:57 -0700 (PDT)
Received: from [10.194.125.197] (173-11-119-245-SFBA.hfc.comcastbusiness.net. [173.11.119.245]) by smtp.gmail.com with ESMTPSA id c26sm36465715pfe.20.2016.10.01.11.30.56 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sat, 01 Oct 2016 11:30:56 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (1.0)
From: Dino Farinacci <farinacci@gmail.com>
X-Mailer: iPhone Mail (14A456)
In-Reply-To: <4c2ca5d7-ce89-b107-f7fa-1f22ba19eaf5@mandelberg.org>
Date: Sat, 1 Oct 2016 11:30:53 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <D5F42B1E-2B22-4B03-9084-65086169C1E0@gmail.com>
References: <17032e8e-f1d0-8fb4-7294-2e2ca5c9fb06@mandelberg.org> <2290972B-B93D-496A-8AF3-16B72D19B654@gmail.com> <cea887fa-f076-2ada-c9c8-fce548dccfca@mandelberg.org> <D896C233-1414-4635-9DE3-FE10A7BF1E69@gmail.com> <4c2ca5d7-ce89-b107-f7fa-1f22ba19eaf5@mandelberg.org>
To: David Mandelberg <david@mandelberg.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/oyGf6gJAyPXlmnu_daZhim0im1w>
Cc: The IESG <iesg@ietf.org>, draft-ietf-lisp-lcaf.all@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-lisp-lcaf-15
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Oct 2016 18:30:59 -0000

> On Oct 1, 2016, at 10:28 AM, DavidMandelberg <david@mandelberg.org> wrote:
> 
> are distinct LCAF addresses. Additionally, if an LCAF address is
> digitally signed or MACed, the specific encoding of the address must be
> preserved in order for the signature or MAC to be valid on receipt.

Okay so based in this text I finally get the point of your comment. 

But what you state is not true. These addresses are content in a message. If a message is signed and includes an address if the signer, that address is from the Io header. 

And no matter how the address is encoded, it always shows up as AFI=1 and an IPv4 address. 

Dino