Re: [lisp] Last Call: <draft-ietf-lisp-crypto-07.txt> (LISP Data-Plane Confidentiality) to Experimental RFC

Hello,

While I have not gone through the contents of some of the recent versions of this draft, the idea of a separate/dedicated confidential mechanism for each encapsulation/overlay protocol (LISP here) worries me. This gives attackers the opportunity to play with deficiencies of multiple such protocols/mechanisms, as against using a standard mechanism (IPSec) here that’s likely to be more robust on that front. Ultimately, the underlay that LISP uses is based on IP (or IPv6), so it would be preferable to use IPSec, which is a standard, robust, proven mechanism for IP security. Having worked on integrating LISP and IPSec around 4-5 years back, I do realise there could be some challenges, but some of them are clearly the results of ‘security as an afterthought’ in the protocol design.

Thanks,
Manish

> On 21-Sep-2016, at 12:54 AM, The IESG <iesg-secretary@xxxxxxxx> wrote:
> 
> 
> The IESG has received a request from the Locator/ID Separation Protocol
> WG (lisp) to consider the following document:
> - 'LISP Data-Plane Confidentiality'
>  <draft-ietf-lisp-crypto-07.txt> as Experimental RFC
> 
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> ietf@xxxxxxxx mailing lists by 2016-10-04. Exceptionally, comments may be
> sent to iesg@xxxxxxxx instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
> 
> Abstract
> 
> 
>   This document describes a mechanism for encrypting LISP encapsulated
>   traffic.  The design describes how key exchange is achieved using
>   existing LISP control-plane mechanisms as well as how to secure the
>   LISP data-plane from third-party surveillance attacks.
> 
> 
> 
> 
> The file can be obtained via
> https://datatracker.ietf.org/doc/draft-ietf-lisp-crypto/
> 
> IESG discussion can be tracked via
> https://datatracker.ietf.org/doc/draft-ietf-lisp-crypto/ballot/
> 
> 
> No IPR declarations have been submitted directly on this I-D.
> 
> 
> 
> 
> _______________________________________________
> lisp mailing list
> lisp@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/lisp
