Re: [secdir] secdir review of draft-ietf-lisp-lcaf-15

Dino Farinacci <farinacci@gmail.com> Sun, 25 September 2016 21:42 UTC

Return-Path: <farinacci@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B2AE12B03C; Sun, 25 Sep 2016 14:42:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2lK-JYn2RDhh; Sun, 25 Sep 2016 14:42:17 -0700 (PDT)
Received: from mail-pf0-x233.google.com (mail-pf0-x233.google.com [IPv6:2607:f8b0:400e:c00::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 553E312B02E; Sun, 25 Sep 2016 14:42:17 -0700 (PDT)
Received: by mail-pf0-x233.google.com with SMTP id l25so10360434pfb.1; Sun, 25 Sep 2016 14:42:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=s4grrBslcPTs66nIkj1NTmpRogSah0N4f3zfc4p+UXA=; b=xgvffpE1QlGHWnqFk3CU/v17WhVZqtbv9lSLy67Ym9blrtdGbe213zeqavzk+p4KRI ljOZ4H3S7DJR7vVcn3ntI+yfBsR5yG6Q7nOvsuOe5hwfMuybiRB9e9Yep9jkJCRNZL6E tx17YbHzqQiMNLIw/l3KqhzzXkmobYmiRosFwTw2Ybnv4qWtGX6BLdZFVVEVcEtIZgb1 3KRNJdT4PYvKvIm66cII7YLDE+CnHu6YOTHiTPbciZgfdYeLWOeCyTVntUyKV3P5z2Jx /4wDvlc1AP8q+xYdS7C/Tppekoq/JiGsVf2g1nhuMFx+6f6eFfzayZiTZ/tYGC8dPzgh J0dw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=s4grrBslcPTs66nIkj1NTmpRogSah0N4f3zfc4p+UXA=; b=SBYNgVvfwN8gVzuJ9mCo1Tssp3Huk7P1R+T6yziixdUJZKKJGKmYz/4Antq2XMo8PY EbAPeJZNu1p3WpaiiL/gjmJNgt9m9CniYWAJP06RleTdIrL5eM2+Z/83MlMRc+hYNHym lKqNbS+a2A2FbZ4x3ceqhMiKyY60iiPH6W6rvsi3KSqOoxdDwF+Y1rrUi1As19yPWZ7N 7AQE1UBX1xqiqmxPkI7R/1WZ8UHJK7XtDk8bU8x3kUEqwtrmUkNmswX731JzXZqb5Nzy 1Fl81Gin9KnJ8kXXgVG1AD1GRHGBcyEqM+5s760D3Om9GDhpchzNlxZmCYFaxBaptlNH uSog==
X-Gm-Message-State: AE9vXwNCqBGkEkNMytNcjaYTmfHomB58WQVevfj0cM2P7jOD7YhxfJt70oG3llUsJQJZSg==
X-Received: by 10.98.62.194 with SMTP id y63mr32234144pfj.99.1474839736949; Sun, 25 Sep 2016 14:42:16 -0700 (PDT)
Received: from ?IPv6:2601:646:8d01:89f0:7958:5e82:524d:c6d5? ([2601:646:8d01:89f0:7958:5e82:524d:c6d5]) by smtp.gmail.com with ESMTPSA id xn11sm25645222pac.38.2016.09.25.14.42.16 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 25 Sep 2016 14:42:16 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <28c0b4b6-c4b8-94a2-fc7c-629b66085b50@joelhalpern.com>
Date: Sun, 25 Sep 2016 14:42:15 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <F3FC53A1-E332-46D0-941E-22ECE1891A87@gmail.com>
References: <17032e8e-f1d0-8fb4-7294-2e2ca5c9fb06@mandelberg.org> <28c0b4b6-c4b8-94a2-fc7c-629b66085b50@joelhalpern.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/xVg06xa21nxY2DWNsvo3xqGoG1Q>
Cc: secdir@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-lisp-lcaf.all@ietf.org, David Mandelberg <david@mandelberg.org>
Subject: Re: [secdir] secdir review of draft-ietf-lisp-lcaf-15
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Sep 2016 21:42:19 -0000

> As I understand it, the multiple representations are deliberate.  I do think we should add a little text in the security considerations section noting that the representation has to be preserved if the information is signed.

I assume Joel’s comment is relating to this David comment:

> There are multiple places in the document where it's possible to encode
> semantically equivalent information in multiple ways, despite the word
> "canonical" being in the title of the document. Is there anything that
> relies on these addresses being canonical for security purposes?

Yes, multiple representations is deliberate. I’ll comment in more detail to my response to David’s email.

> Your comment on the algorithm ID in section 4.7 seems cogent.  I will let the authors respond.

I’ll make the Key Sections more clear. Stay tuned for another response.

Dino