Re: [secdir] review of draft-saucez-lisp-impact-04.txt

"Hilarie Orman" <ho@alum.mit.edu> Tue, 13 October 2015 17:29 UTC

Date: Tue, 13 Oct 2015 11:28:59 -0600
Message-Id: <201510131728.t9DHSxCO017053@sylvester.rhmr.com>
From: "Hilarie Orman" <ho@alum.mit.edu>
To: damien.saucez@inria.fr
In-reply-to: Yourmessage <5CB43879-FDB2-4C69-9B3C-9830E2E9F8E0@inria.fr>
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/s1tMSGPScLlJw7kZmumM2tSuFLw>
Cc: draft-saucez-lisp-impact@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] review of draft-saucez-lisp-impact-04.txt

Thanks for pointing out my mistake.  I have now reviewed
draft-ietf-lisp-impact-04 and the same comments about security apply.

Hilarie

>  From: Damien Saucez <damien.saucez@inria.fr>
>  Date: Tue, 13 Oct 2015 08:13:08 +0200


>  Thank you for the review. I would have a question regarding the document you reviewed. Did you review th

>  draft-sauces-lisp-impact-04

>  or 

>  draft-ietf-lisp-impact-04

>  Thank you,

>  Damien Saucez 

>  On 13 Oct 2015, at 05:01, Hilarie Orman <ho@alum.mit.edu> wrote:

>  > Secdir review of LISP Impact
>  > draft-saucez-lisp-impact-04.txt
>  > 
>  > Do not be alarmed.  I have reviewed this document as part of the
>  > security directorate's ongoing effort to review all IETF documents
>  > being processed by the IESG.  These comments were written primarily
>  > for the benefit of the security area directors.  Document editors and
>  > WG chairs should treat these comments just like any other last call
>  > comments.
>  > 
>  > A new way of handling routing information has been defined in IETF
>  > documents about the Locator/Identifier Separation Protocol (LISP).
>  > The draft under discussion here elaborates on the possible
>  > consequences of widespread use of LISP.
>  > 
>  > The draft punts on security considerations and refers to previous
>  > documents describing threats to LISP and how LISP uses cryptography
>  > for protecting the integrity of its messages.
>  > 
>  > It seems to me that if the purported impact of LISP is to "scale the
>  > Internet", then its impact on security should be a major part of the
>  > equation.  Will it make routing information more or less vulnerable
>  > to malicious manipulation?  How will it affect the stability of a network
>  > that is under constant threat of attack?
>  > 
>  > I don't feel that the draft can achieve its purpose without addressing
>  > security.
>  > 
>  > Hilarie
>  > 
>  > PS. I was very disappointed to realize that this was not a draft
>  > about my favorite programming language.
>  >