Re: [lisp] Last Call: <draft-ietf-lisp-crypto-07.txt> (LISP Data-Plane Confidentiality) to Experimental RFC

2016-10-05 01:45:44
Hello,

While I have not gone through the contents of some of the recent versions of 
this draft, the idea of a separate/dedicated confidential mechanism for each 
encapsulation/overlay protocol (LISP here) worries me. This gives attackers the 
opportunity to play with deficiencies of multiple such protocols/mechanisms as 
against using a standard mechanism (IPSec) here that's likely to be more robust 
on that front. Ultimately, the underlay that LISP uses is based on IP (or 
IPv6), so it would be preferable to use IPSec, which is a standard, robust, 
proven mechanism for IP security. Having worked on integrating LISP and IPSec 
around 4-5 years back, I do realise there could be some challenges, but some of 
them are clearly the results of 'security as an afterthought' in the protocol 
design.

Thanks,
Manish

On 21-Sep-2016, at 12:54 AM, The IESG <iesg-secretary@ietf.org> wrote:


The IESG has received a request from the Locator/ID Separation Protocol
WG (lisp) to consider the following document:
- 'LISP Data-Plane Confidentiality'
 <draft-ietf-lisp-crypto-07.txt> as Experimental RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2016-10-04. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract

  This document describes a mechanism for encrypting LISP encapsulated
  traffic.  The design describes how key exchange is achieved using
  existing LISP control-plane mechanisms as well as how to secure the
  LISP data-plane from third-party surveillance attacks.

The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-lisp-crypto/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-lisp-crypto/ballot/


No IPR declarations have been submitted directly on this I-D.




_______________________________________________
lisp mailing list
lisp@ietf.org
https://www.ietf.org/mailman/listinfo/lisp

