[Secdispatch] Controller-IKE

"David Carrel (carrel)" <carrel@cisco.com> Sat, 20 July 2019 02:20 UTC

Return-Path: <carrel@cisco.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E6BF12014E for <secdispatch@ietfa.amsl.com>; Fri, 19 Jul 2019 19:20:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.499
X-Spam-Level:
X-Spam-Status: No, score=-14.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=iIgbDm12; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=sGuIXwPX
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DBZiU5ZyJ8yB for <secdispatch@ietfa.amsl.com>; Fri, 19 Jul 2019 19:20:39 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BBB2120139 for <secdispatch@ietf.org>; Fri, 19 Jul 2019 19:20:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6273; q=dns/txt; s=iport; t=1563589238; x=1564798838; h=from:to:subject:date:message-id:mime-version; bh=s3S2OS+mGXPe7Opsit5ZcX1Y2Kb8geAAUQOS101wqis=; b=iIgbDm12WML2RS00tDgraOvguKBxzbfbWT1vdrZ3nAAOdF86SNFkD8tq PNtDx6/d68PuRZKaYH00ekglRIBC9D7NSBz6giR2hrKjtCR8TV3Km04gO Ewy3TbYdxaYEgPxcZrvg6kR78VbWZZ99GZ0OKuCx+yxf2Ia/t8ZvYRsOA w=;
IronPort-PHdr: =?us-ascii?q?9a23=3AYGFmrxzwy5BHXmDXCy+N+z0EezQntrPoPwUc9p?= =?us-ascii?q?sgjfdUf7+++4j5YR2N/u1j2VnOW4iTq+lJjebbqejBYSQB+t7A1RJKa5lQT1?= =?us-ascii?q?kAgMQSkRYnBZuOAFfhIfrCZC0hF8MEX1hgrDm2?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BNBgBHeTJd/5hdJa1mghmBFS9QA21?= =?us-ascii?q?VIAQLKoQdg0cDjXxMlQqEVYEugSQDVAkBAQEMAQEjCgIBAYRAGYI7IzQJDgE?= =?us-ascii?q?DAQEEAQECAQZthR4BC4VjEQoTAQE4EQFKAgQwJwQ1gwABgR1NAx0BAgygAgK?= =?us-ascii?q?BOIhgcYEygnkBAQWBNgKBD4I9GIITAwaBNItfF4F/gREnH4VrAQEDgguCXjK?= =?us-ascii?q?CJo54hH6Ia44GCQKCGYZYjTQbgi2HJYQMiiyGA4cyh0iQCAIEAgQFAg4BAQW?= =?us-ascii?q?BUDiBWHAVZQGCQYYzhRSFP3IMgR2OfgEB?=
X-IronPort-AV: E=Sophos;i="5.64,285,1559520000"; d="scan'208,217";a="598364310"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 20 Jul 2019 02:20:37 +0000
Received: from XCH-ALN-020.cisco.com (xch-aln-020.cisco.com [173.36.7.30]) by rcdn-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id x6K2KbIj006376 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL) for <secdispatch@ietf.org>; Sat, 20 Jul 2019 02:20:37 GMT
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by XCH-ALN-020.cisco.com (173.36.7.30) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 19 Jul 2019 21:20:36 -0500
Received: from xhs-aln-003.cisco.com (173.37.135.120) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 19 Jul 2019 21:20:36 -0500
Received: from NAM05-DM3-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Fri, 19 Jul 2019 21:20:36 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VUKDXFCRLbeX1jzKyAGQXGu/EXwy0nyoW75RMF97hjexKDKr7imQ8M3BJolilaz2xDnJwU4mQwAB0mOQR3d/g7QA0c8F9mvCDJ0dhZCkQpZlI63eZN13sXO5hoauUCwxSZIIbPFwnmlZuPx3jG1/S9B+1AZJPtrlOgnAQRxOR5lGhtje7f+Jmg7cG2GWFBVyBZMFQgKAg6p+f2x1FO3u9kYterH1OqyU6dhXXD/Wd7hT6EPjSUV06bbpyt1XoeMdjz61jOBuNpgjPhhao+vmssr9FJjgRQj9HropI/tdzasxADJbYVgj+TZRX2Hiu65AOsYPZTOo9WYzTryNTbLHdQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=s3S2OS+mGXPe7Opsit5ZcX1Y2Kb8geAAUQOS101wqis=; b=T3AkqW0AZbkTW1JMeChieZYRkAUcnxb5UOsOltb2PdIVrMjQTjWsm+nvmC1ddzsDRu681pqWFV+Br4ft9tDefgBlKUZhztthPWDoIPIXp3Y1JwHgfwCIZVI0IEaWJIobYlo7wi75IJH5mDqJOmJbu3GG4zWNC15zEzynazpqEzhHx4RXJbgi/kTnM6X+Q7hTrj+e2JtKYpr/rvGOnNOXPWDzQdkUwcNBgKrr9zgwYoeCEg8Np0ZLOKon2lLe0/NXMg+Ji+Ba8xgfnd3H/eAnbSnqzM9MMzER58+C4huAwgCvhoQL5BlUki5equSbYF5dt8e/tBWQZhtmauA87CHbcA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=cisco.com;dmarc=pass action=none header.from=cisco.com;dkim=pass header.d=cisco.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=s3S2OS+mGXPe7Opsit5ZcX1Y2Kb8geAAUQOS101wqis=; b=sGuIXwPXRXhR7PzNh/jXc+61kv2ZfZyS65Kkonxmgs/tOpbXS1PbaRzQJozvnWrJqMzJGXqB438KjW4gEe/325A+JSj5VWCa7ATzaNUWW6gz3TEopA63tx7v3UDxw4FXbc8sJKBF9fE+6Wl/qJKRKFHJ9y7KQpOJ9wH8K3lvZSM=
Received: from BYAPR11MB3046.namprd11.prod.outlook.com (20.177.225.213) by BYAPR11MB2679.namprd11.prod.outlook.com (52.135.227.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2073.14; Sat, 20 Jul 2019 02:20:35 +0000
Received: from BYAPR11MB3046.namprd11.prod.outlook.com ([fe80::c895:4d83:c5b8:b3d6]) by BYAPR11MB3046.namprd11.prod.outlook.com ([fe80::c895:4d83:c5b8:b3d6%6]) with mapi id 15.20.2073.012; Sat, 20 Jul 2019 02:20:35 +0000
From: "David Carrel (carrel)" <carrel@cisco.com>
To: "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: Controller-IKE
Thread-Index: AQHVPqG2qaTEIVD/zEy+2+Xv9S/jDw==
Date: Sat, 20 Jul 2019 02:20:35 +0000
Message-ID: <CDF90625-34F6-40C3-8AE4-AACD50D70C2E@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=carrel@cisco.com;
x-originating-ip: [2001:420:c0c8:1003::692]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7075f9de-b881-497d-d5b5-08d70cb8d95d
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:BYAPR11MB2679;
x-ms-traffictypediagnostic: BYAPR11MB2679:
x-ms-exchange-purlcount: 5
x-microsoft-antispam-prvs: <BYAPR11MB2679B02EB08885FB125CE5BECBCA0@BYAPR11MB2679.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 0104247462
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(136003)(376002)(39860400002)(346002)(366004)(396003)(189003)(199004)(2351001)(606006)(33656002)(3480700005)(14454004)(236005)(6512007)(54896002)(102836004)(5640700003)(6306002)(6916009)(53936002)(66946007)(6436002)(478600001)(5660300002)(46003)(1730700003)(66476007)(81156014)(966005)(6506007)(71190400001)(66446008)(790700001)(476003)(6116002)(64756008)(71200400001)(2501003)(486006)(76116006)(6486002)(25786009)(186003)(256004)(7736002)(14444005)(2906002)(8936002)(81166006)(8676002)(99286004)(2616005)(86362001)(36756003)(66556008)(68736007)(316002)(4744005); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR11MB2679; H:BYAPR11MB3046.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: /h34rdcDsM6JORJVTph2v0wxNtC0FDfl2sMGNYg3b4NBLr00gHEMsKwEP8tvstsBugsFpBiMXlfxdoAbkY4f8e44/ZM+KXSDDnhNX4CdbInoo6ngETwBTIYoapEiN3Gk0UfCFn2XPUYUdKaWZfTOuapxxve+K20WGm7U6oI7O/vEJxAeE1n92dTQKZOFk17vawy44KUBiTKo1uLM64uOg1RuQpDFtzv1B4zdm1AvBN6XnAg3mZ2ERmgh2ADM9IIfPUfp8xG3On5fH67KkEXlemaZHrXpWKawQ0um9eMkT4RZ47ygGf/j7g7u2oI3cBGA9Krd93e3Dd8eKCtlbCanzpv/ne5PSf/T0Xl1xnbeM1+iftLju2L2oe6EiPjbP6DMY0cvLY/upLtLNBmrnKtiedNkO2nQmbgF/rKKG/L6Rec=
Content-Type: multipart/alternative; boundary="_000_CDF9062534F640C38AE4AACD50D70C2Eciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 7075f9de-b881-497d-d5b5-08d70cb8d95d
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jul 2019 02:20:35.4966 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: carrel@cisco.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB2679
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.30, xch-aln-020.cisco.com
X-Outbound-Node: rcdn-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/7WN_3vPepomDq1mRstj7zg55EvA>
Subject: [Secdispatch] Controller-IKE
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Jul 2019 02:20:41 -0000

Folks,

I would like to present Controller-IKE in the Montreal Security Dispatch meeting.  There is growing interest from routing folks, and I strongly feel we should evaluate and progress this in the security area.  I’ll have some slides to share shortly.  For now, please do read the draft.  Also there are some drafts referencing this:

Controller-IKE: https://tools.ietf.org/html/draft-carrel-ipsecme-controller-ike-01

Also some docs referencing this form of key management:
BESS, Secure EVPN: https://tools.ietf.org/html/draft-sajassi-bess-secure-evpn-02
And: https://tools.ietf.org/html/draft-dunbar-bess-bgp-sdwan-usage-01

Comments appreciated.

Dave