Re: [secdir] secdir review of draft-ietf-lisp-lcaf-15

Dino Farinacci <> Sun, 25 September 2016 21:42 UTC

To: "Joel M. Halpern" <>
Cc:, The IESG <>,, David Mandelberg <>

> As I understand it, the multiple representations are deliberate.  I do think we should add a little text in the security considerations section noting that the representation has to be preserved if the information is signed.

I assume Joel’s comment relates to this comment from David:

> There are multiple places in the document where it's possible to encode
> semantically equivalent information in multiple ways, despite the word
> "canonical" being in the title of the document. Is there anything that
> relies on these addresses being canonical for security purposes?

Yes, the multiple representations are deliberate. I’ll comment in more detail in my response to David’s email.

> Your comment on the algorithm ID in section 4.7 seems cogent.  I will let the authors respond.

I’ll make the Key Sections more clear. Stay tuned for another response.