Re: [lisp] Last Call: <draft-ietf-lisp-sec-13.txt> (LISP-Security (LISP-SEC)) to Experimental RFC


 



I have a comment on this newly added paragraph:


I don’t think it reads clearly. Here are my comments:

(1) First sentence, I think you mean “replay it” versus “reply it”.

(2) You should talk separately of a replayed Map-Request and then a replayed Map-Reply. Combining it makes it confusing on which case the ITR discards a Map-Reply. Because a Map-Reply is not responded to by a replayed Map-Reply so it can only mean a replayed Map-Request.

(3) And if the replayed Map-Reply returns to the ITR BEFORE the one from the non-attacker, it cannot tell if the Map-Reply was from a non-attacker or an attacker. So you need to explain what happens in both cases (where the simple case is already in the text above).

(4) What is a “LISP-SEC computation”? That needs to be made more clear.

Please clarify this section. It needs it.

Dino


On Sep 20, 2017, at 10:54 AM, The IESG <iesg-secretary@xxxxxxxx> wrote:


The IESG has received a request from the Locator/ID Separation Protocol WG
(lisp) to consider the following document: - 'LISP-Security (LISP-SEC)'
 <draft-ietf-lisp-sec-13.txt> as Experimental RFC

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
ietf@xxxxxxxx mailing lists by 2017-10-04. Exceptionally, comments may be
sent to iesg@xxxxxxxx instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


  This memo specifies LISP-SEC, a set of security mechanisms that
  provides origin authentication, integrity and anti-replay protection
  to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
  process.  LISP-SEC also enables verification of authorization on EID-
  prefix claims in Map-Reply messages.





The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-lisp-sec/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-lisp-sec/ballot/


No IPR declarations have been submitted directly on this I-D.



